LinuxQuestions.org
Old 12-28-2012, 11:03 AM   #1
Chris E
LQ Newbie
 
Registered: Jun 2008
Location: Berkshire, UK.
Distribution: CentOS
Posts: 24

Rep: Reputation: 1
Masquerading with iptables


Hi Guys

I'm studying for an upcoming Exam and just can't get my head around Masquerading with iptables.

Picture this scenario, I have a laptop connected to the internet via a wireless router. On the laptop I have a couple of KVM Virtual Machines, each on a separate private /24 subnet. If I enable IP forwarding in sysctl, and add a static routing entry, both VMs can access the internet just fine. There are no iptables rules in place.

So why would I want to use the masquerading option? Even if I did set the iptables default policy to DROP on the forward chain, I can just add a rule to accept traffic over the interfaces.

I'm obviously missing something really stupid here but just can't get my head around it.

Is masquerading just a way of doing routing with iptables rules instead of creating a static route? Everything I've read makes it look like I have the results of masquerading already yet my iptables config is blank!

Thanks

Last edited by Chris E; 12-28-2012 at 11:04 AM.
 
Old 12-28-2012, 12:01 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,303

Rep: Reputation: Disabled
Masquerading = NAT Overloading (you may want to Google that). It has very little to do with routing, other than the fact that it takes place on a system acting as a router.

And yes, I agree that you seem to have a working NAT setup, even though you haven't created any iptables rules. Perhaps some KVM script adds the required rules automatically? Does iptables -t nat -L POSTROUTING show an empty POSTROUTING chain?
 
1 members found this post helpful.
Old 12-28-2012, 01:26 PM   #3
Chris E
LQ Newbie
 
Registered: Jun 2008
Location: Berkshire, UK.
Distribution: CentOS
Posts: 24

Original Poster
Rep: Reputation: 1
Thanks for the reply, I knew it was something stupid!

When looking at iptables -L (input/output/forward) there were no rules, but even if I did an iptables -F the rules were still in the NAT table!
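An added example, not part of any post in this thread: iptables -L and iptables -F act only on the filter table unless -t names another one, so an audit has to cover every table. The sketch below counts rules per table in an iptables-save dump and lists the source-NAT rules; the function names and the sample ruleset (including its subnets) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: the filter table is empty,
# while the nat table holds masquerade rules (subnets are made-up values).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.100.0/24 ! -d 192.168.100.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.101.0/24 ! -d 192.168.101.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Print "<table> <rule count>" for every table in a dump read from stdin.
rules_per_table() {
    awk '
        /^\*/  { table = substr($0, 2); count[table] = 0; order[++n] = table }
        /^-A / { count[table]++ }
        END    { for (i = 1; i <= n; i++) print order[i], count[order[i]] }
    '
}

# Print "<table>/<chain>: <rule>" for every rule that jumps to MASQUERADE or SNAT.
source_nat_rules() {
    awk '
        /^\*/  { table = substr($0, 2) }
        /^-A / {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i+1) == "MASQUERADE" || $(i+1) == "SNAT"))
                    print table "/" $2 ": " $0
        }
    '
}

# On a live host, run as root: iptables-save | rules_per_table
sample_ruleset | rules_per_table
sample_ruleset | source_nat_rules
```

With the sample, the filter table reports zero rules while nat reports two, which is the situation described in the thread: an apparently blank iptables -L alongside working masquerading.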
 
  

