LinuxQuestions.org


djraw 03-26-2008 02:17 AM

Linux Iptables Masquerade Question
 
Hello everyone,

I use a Mandriva Linux 2006 distro as an Internet gateway. The PC has 2 Eth cards: eth0 points to the Internet, eth1 to the Intranet.

The line for the iptables NAT section is this:

-A POSTROUTING -o eth0 -s 192.168.10.0/255.255.255.0 -j MASQUERADE

It works fine...

Now the question...

What happens if I change it to this...?

-A POSTROUTING -o eth0 -s 192.168.10.0/255.255.255.0 --dport 80 -j MASQUERADE

Scenario 1) Linux masquerades only the http packets, I mean it alters the datagram only for the outgoing http packets and not for all other packets

or

Scenario 2) allows only http packets to be forwarded from the INTRANET to the INTERNET

mechdave 03-26-2008 03:17 AM

From the way I see it, it will only forward port 80 traffic to the Internet and not allow any other traffic through on any other ports.

djraw 03-26-2008 04:56 AM

Reply
 
By default POSTROUTING is ACCEPT....

If I am correct, masquerade changes the datagram's source IP address to that of the real IP address of the router.

For example, the source IP address changes from 129.160.10.121 to the router's real IP address.

-A POSTROUTING -o eth0 -s 192.168.10.0/255.255.255.0 --dport 80 -j MASQUERADE

If I do make the change above, doesn't it instruct Linux to change the source IP address only for http packets and not for all others...?

In other words, assume that I have a network sniffer immediately after the router. If I check all the packets coming from the router, will I see the Intranet's internal - virtual IP addresses on all packets OTHER THAN the http ones, and the router's real IP address ONLY on http packets....?

THX.....
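
The two scenarios from the question, as an added example that is not part of the original thread: a simplified one-direction Python model of how a forwarded packet passes filter/FORWARD and then nat/POSTROUTING, showing the source address a sniffer after eth0 would record. The router address `203.0.113.1`, the client `192.168.10.121`, the rule dictionaries and the function names are constructed for illustration; the port-80 rule is modelled with `-p tcp`, which iptables requires before `--dport`.

```python
import ipaddress
from dataclasses import dataclass

ROUTER_WAN_IP = "203.0.113.1"  # constructed: the gateway's address on eth0
LAN = ipaddress.ip_network("192.168.10.0/255.255.255.0")

@dataclass
class Packet:
    src: str
    proto: str
    dport: int
    out_if: str = "eth0"

def matches(rule, pkt):
    """A rule matches when every condition it carries agrees with the packet."""
    if "out_if" in rule and rule["out_if"] != pkt.out_if:
        return False
    if "src" in rule and ipaddress.ip_address(pkt.src) not in rule["src"]:
        return False
    if "proto" in rule and rule["proto"] != pkt.proto:
        return False
    return "dport" not in rule or rule["dport"] == pkt.dport

def traverse(pkt, nat_rules, forward_rules, forward_policy):
    """Return the source address seen after eth0, or None if the packet is dropped."""
    # filter/FORWARD is the chain that decides whether a packet is forwarded at all.
    verdict = next((r["target"] for r in forward_rules if matches(r, pkt)), forward_policy)
    if verdict == "DROP":
        return None
    # nat/POSTROUTING only rewrites addresses: a packet that matches no rule
    # falls through to the chain's ACCEPT policy and leaves unchanged.
    if any(matches(r, pkt) for r in nat_rules):
        return ROUTER_WAN_IP
    return pkt.src

# -A POSTROUTING -o eth0 -s 192.168.10.0/255.255.255.0 -j MASQUERADE
NAT_ALL = [{"out_if": "eth0", "src": LAN}]
# Same rule restricted with -p tcp --dport 80
NAT_HTTP_ONLY = [{"out_if": "eth0", "src": LAN, "proto": "tcp", "dport": 80}]
# Hypothetical filter rule: -A FORWARD -s <LAN> -p tcp --dport 80 -j ACCEPT, policy DROP
FORWARD_HTTP_ONLY = [{"src": LAN, "proto": "tcp", "dport": 80, "target": "ACCEPT"}]

SAMPLES = {"http": Packet("192.168.10.121", "tcp", 80),  # constructed packets
           "dns": Packet("192.168.10.121", "udp", 53)}

def wire_view(nat_rules, forward_rules=(), forward_policy="ACCEPT"):
    return {name: traverse(p, nat_rules, forward_rules, forward_policy)
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print("masquerade all:      ", wire_view(NAT_ALL))
    print("masquerade http only:", wire_view(NAT_HTTP_ONLY))
    print("FORWARD http only:   ", wire_view(NAT_ALL, FORWARD_HTTP_ONLY, "DROP"))
```

In the model, restricting the MASQUERADE rule leaves non-HTTP packets forwarded with their internal source address, while blocking them takes a rule in the filter table's FORWARD chain.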

