Old 03-26-2008, 03:17 AM   #1
LQ Newbie
Registered: Mar 2008
Location: Athens
Distribution: Mandriva 2008 Free
Posts: 2

Rep: Reputation: 0
Linux Iptables Masquerade Question

Hello everyone,

I use a Mandriva Linux 2006 distro as an Internet gateway. The PC has 2 Eth cards: eth0 points to the Internet, eth1 to the Intranet.

The line for the iptables NAT section is this:


It works fine...

Now the question...

What happens if I change it to this...?

-A POSTROUTING -o eth0 -s --dport 80 -j MASQUERADE

Scenario 1) Linux masquerades only the http packets, I mean it alters the datagram only for the outgoing http packets and not for all other packets


Scenario 2) allows only http packets to be forwarded from the INTRANET to the INTERNET
Old 03-26-2008, 04:17 AM   #2
Registered: Apr 2007
Location: Adelaide, Australia
Distribution: Ubuntu 8.10 and 7.10 server
Posts: 95

Rep: Reputation: 15
From the way I see it, it will only forward port 80 traffic to the Internet and not allow any other traffic through on any other ports.
Old 03-26-2008, 05:56 AM   #3
LQ Newbie
Registered: Mar 2008
Location: Athens
Distribution: Mandriva 2008 Free
Posts: 2

Original Poster
Rep: Reputation: 0
Reply

By default POSTROUTING is ACCEPT....

If I am correct, masquerade changes the source IP address of the datagram to that of the real IP address of the router

for example source ip address changes from to the router's real ip address.

-A POSTROUTING -o eth0 -s --dport 80 -j MASQUERADE

If I do make the change above, doesn't it instruct Linux to
change the source IP address only for http packets and not for all others...?

In other words, assume that I have a network sniffer immediately after the router. If I check all the packets coming from the router, will I see the Intranet's internal - virtual IP addresses on all packets OTHER THAN the http ones, and the router's real IP address ONLY on http packets....?
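
An added example, not part of any post in this thread: a simplified Python model of how a forwarded packet passes filter FORWARD and then nat POSTROUTING, showing what a sniffer after eth0 would see for each rule variant. The LAN range 192.168.1.0/24 and the router address 203.0.113.1 are constructed values (the thread's addresses are missing), and `-p tcp` is assumed because iptables accepts `--dport` only together with a protocol match.

```python
# Simplified model of netfilter handling for packets forwarded from eth1 to eth0.
# All addresses are constructed sample values, not taken from the thread.
import ipaddress
from dataclasses import dataclass, replace

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed intranet behind eth1
ROUTER_WAN_IP = "203.0.113.1"                  # assumed router address on eth0

@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int
    out_if: str = "eth0"

def nat_rule_matches(pkt, http_only):
    """-A POSTROUTING -o eth0 -s LAN [-p tcp --dport 80] -j MASQUERADE"""
    if pkt.out_if != "eth0" or ipaddress.ip_address(pkt.src) not in LAN:
        return False
    return not http_only or (pkt.proto == "tcp" and pkt.dport == 80)

def forward_allows(pkt, http_only_filter):
    """filter FORWARD: accept everything, or accept only tcp/80 and drop the rest."""
    return not http_only_filter or (pkt.proto == "tcp" and pkt.dport == 80)

def route(pkt, nat_http_only, filter_http_only=False):
    """Return the packet as seen on the wire after eth0, or None if dropped."""
    if not forward_allows(pkt, filter_http_only):
        return None                              # only the filter table drops here
    if nat_rule_matches(pkt, nat_http_only):
        return replace(pkt, src=ROUTER_WAN_IP)   # MASQUERADE rewrites the source
    return pkt       # no nat rule matched: chain policy ACCEPT, source unchanged

SAMPLE = [Packet("192.168.1.10", "tcp", 80),     # HTTP
          Packet("192.168.1.10", "tcp", 22),     # SSH
          Packet("192.168.1.11", "udp", 53)]     # DNS

def wire_view(nat_http_only, filter_http_only=False):
    """(dport, source address seen after eth0) for each sample packet."""
    out = []
    for p in SAMPLE:
        r = route(p, nat_http_only, filter_http_only)
        out.append((p.dport, r.src if r else "DROPPED"))
    return out

if __name__ == "__main__":
    print("MASQUERADE everything:   ", wire_view(False))
    print("MASQUERADE tcp/80 only:  ", wire_view(True))
    print("FORWARD allows tcp/80:   ", wire_view(False, True))
```

In the model, restricting the MASQUERADE rule changes only which packets get their source rewritten; limiting what may leave the intranet is a job for the filter table's FORWARD chain. Packets that go out with a private source address are normally not answered from the Internet, so those connections fail even though nothing on the gateway filtered them.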


