iptables questions
hi, could someone check that I'm understanding these iptables commands properly?
(eth0 external interface)

firstly

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.1

is this a form of port address translation which will send all incoming packets on port 80 to machine 192.168.100.1?

secondly, what's the diff between these 2 commands? I don't totally get masquerade

    iptables -A POSTROUTING -t nat -s 192.168.0.0/16 -o eth0 -j SNAT --to-source 192.168.0.254
    iptables -A POSTROUTING -t nat -s 192.168.0.0/16 -o eth0 -j MASQUERADE

cheers for any help

yeah your first command looks fine, and as for the difference, it's more a convenience really. masquerading just means to forward the packet on addressed from that interface, rather than having to specify an actual ip address. if you change the ip of the box, the address the masq entry uses will implicitly change too. there are many scenarios you'd want to nat to a certain ip address, but it's a lot simpler to just say "snat it to me" whoever you actually are.

cheers for the help, I understand it more now, cheers.
just one final quick question, what's the difference between port address translation and port forwarding? cheers

forwarding sends a request to another box, port translation changes the port being connected to (and potentially forwarding too)

ah cool I get it now, cheers for the help again
ta
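
An added example, not part of any post in this thread: a small Python model of the three rules quoted above, showing what DNAT rewrites, how a ":port" suffix on --to-destination turns plain forwarding into port translation, and where SNAT and MASQUERADE diverge once eth0's address changes. The packets, the ":8080" variant and the new eth0 address are constructed, and the model matches only -s and --dport.

```python
import shlex
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# The three rules quoted in the thread, unchanged.
DNAT_RULE = "iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.1"
SNAT_RULE = "iptables -A POSTROUTING -t nat -s 192.168.0.0/16 -o eth0 -j SNAT --to-source 192.168.0.254"
MASQ_RULE = "iptables -A POSTROUTING -t nat -s 192.168.0.0/16 -o eth0 -j MASQUERADE"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def parse_rule(line):
    """Split an 'iptables ...' line into an {option: value} dict."""
    tok = shlex.split(line)
    return {tok[i]: tok[i + 1] for i in range(1, len(tok) - 1, 2)}

def apply(rule, pkt, iface_addr):
    """Rewrite pkt as the rule's target would. Simplified model: only -s and
    --dport are matched (-i/-o/-p are assumed to match); iface_addr maps an
    interface name to the address it holds right now."""
    o = parse_rule(rule)
    if "--dport" in o and pkt.dport != int(o["--dport"]):
        return pkt
    if "-s" in o and ip_address(pkt.src) not in ip_network(o["-s"]):
        return pkt
    if o["-j"] == "DNAT":        # PREROUTING: rewrite destination, optionally the port
        host, _, port = o["--to-destination"].partition(":")
        return replace(pkt, dst=host, dport=int(port) if port else pkt.dport)
    if o["-j"] == "SNAT":        # POSTROUTING: source fixed when the rule was written
        return replace(pkt, src=o["--to-source"])
    if o["-j"] == "MASQUERADE":  # POSTROUTING: source is the interface's current address
        return replace(pkt, src=iface_addr[o["-o"]])
    return pkt

if __name__ == "__main__":
    web = Packet("203.0.113.7", 51000, "192.168.0.254", 80)   # constructed inbound packet
    print(apply(DNAT_RULE, web, {}))                           # port forwarding: dport stays 80
    print(apply(DNAT_RULE + ":8080", web, {}))                 # constructed variant: port translated too
    out = Packet("192.168.0.10", 40000, "198.51.100.5", 443)  # constructed outbound packet
    eth0_now = {"eth0": "192.168.0.253"}                       # constructed: eth0 was re-addressed
    print(apply(SNAT_RULE, out, eth0_now))                     # still 192.168.0.254 (stale)
    print(apply(MASQ_RULE, out, eth0_now))                     # follows eth0: 192.168.0.253
```

In real iptables, MASQUERADE also forgets its tracked connections when the interface goes down, which is why SNAT is the usual choice when the external address is static.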