Linux Iptables Masquerade Question
Hello everyone,
I use a Mandriva Linux 2006 distro as an Internet gateway. The PC has 2 Eth cards: eth0 points to the Internet, eth1 to the intranet. The line for the iptables NAT section is this:
    -A POSTROUTING -o eth0 -s 192.168.10.0/255.255.255.0 -j MASQUERADE
It works fine... Now the question... What happens if I change it to this...?
    -A POSTROUTING -o eth0 -s 192.168.10.0/255.255.255.0 --dport 80 -j MASQUERADE
Scenario 1) Linux masquerades only the HTTP packets, I mean alters the datagram only for the outgoing HTTP packets and not for all other packets, or
Scenario 2) allows only HTTP packets to be forwarded from the INTRANET to the INTERNET
From the way I see it, it will only forward port 80 traffic to the Internet and not allow any other traffic through on any other ports.
By default POSTROUTING is ACCEPT....
If I am correct, masquerade changes the source IP address datagram to that of the real IP address of the router, for example the source IP address changes from 129.160.10.121 to the router's real IP address.
    -A POSTROUTING -o eth0 -s 192.168.10.0/255.255.255.0 --dport 80 -j MASQUERADE
If I do make the change above, doesn't it instruct Linux to change the source IP address only to HTTP packets and not to all others...? In other words, assuming that I have a network sniffer immediately after the router: if I check all the packets coming from the router, will I see the intranet's internal (virtual) IP addresses on all packets OTHER THAN the HTTP ones, and the router's real IP address ONLY on HTTP packets....? THX.....
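A simplified model of the rule from the question, added here as an example and not code from any poster in the thread: it parses iptables-save style rules and reports which source address a sniffer beyond eth0 would see for each packet. Assumptions: `-p tcp` is added because iptables only accepts `--dport` with a protocol match; the router address 203.0.113.1, the FORWARD rules and the sample packets are constructed; chain policies are ACCEPT and connection tracking is not modelled.

```python
import ipaddress
import shlex

# Constructed rules in iptables-save syntax (table headers omitted). "-p tcp" is
# an addition: iptables only accepts --dport together with a protocol match.
NAT_ONLY = """
-A POSTROUTING -o eth0 -s 192.168.10.0/255.255.255.0 -p tcp --dport 80 -j MASQUERADE
"""
# Assumed companion filter-table rules that actually restrict forwarding to HTTP.
NAT_AND_FILTER = NAT_ONLY + """
-A FORWARD -i eth1 -o eth0 -s 192.168.10.0/255.255.255.0 -p tcp --dport 80 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j DROP
"""
ROUTER_IP = "203.0.113.1"  # assumed public address on eth0 (documentation range)
HTTP = {"in": "eth1", "out": "eth0", "src": "192.168.10.121", "proto": "tcp", "dport": 80}
DNS = {"in": "eth1", "out": "eth0", "src": "192.168.10.121", "proto": "udp", "dport": 53}

def parse(ruleset):
    """Turn '-A CHAIN opt val ...' lines into (chain, {opt: val}) pairs."""
    rules = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok:
            rules.append((tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return rules

def matches(opts, pkt):
    """True when every match option present in the rule agrees with the packet."""
    src = ipaddress.ip_address(pkt["src"])
    return (opts.get("-i", pkt["in"]) == pkt["in"]
            and opts.get("-o", pkt["out"]) == pkt["out"]
            and opts.get("-p", pkt["proto"]) == pkt["proto"]
            and int(opts.get("--dport", pkt["dport"])) == pkt["dport"]
            and ("-s" not in opts or src in ipaddress.ip_network(opts["-s"])))

def first_target(rules, chain, pkt, policy="ACCEPT"):
    """First matching rule's target in the chain, else the chain policy."""
    return next((o["-j"] for c, o in rules if c == chain and matches(o, pkt)), policy)

def on_the_wire(ruleset, pkt):
    """Source address seen beyond eth0, or None if the packet is not forwarded."""
    rules = parse(ruleset)
    if first_target(rules, "FORWARD", pkt) == "DROP":
        return None  # filtering is decided in FORWARD, not in nat POSTROUTING
    if first_target(rules, "POSTROUTING", pkt) == "MASQUERADE":
        return ROUTER_IP  # source rewritten to the outgoing interface address
    return pkt["src"]  # no NAT match: leaves with its internal address

if __name__ == "__main__":
    for name, rs in (("NAT_ONLY", NAT_ONLY), ("NAT_AND_FILTER", NAT_AND_FILTER)):
        print(name, "HTTP ->", on_the_wire(rs, HTTP), "| DNS ->", on_the_wire(rs, DNS))
```

In this model the `--dport 80` match on the MASQUERADE rule only selects which packets get their source rewritten; non-matching traffic is still forwarded with its internal source address unless a FORWARD rule drops it.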