LinuxQuestions.org > Linux - Security > iptables question
https://www.linuxquestions.org/questions/linux-security-4/iptables-question-807701/

sang_froid 05-13-2010 07:31 PM

iptables question
 
Hi,
I am not clearly understanding the following two iptables rules... can anyone shed some light on them?

Thank you

Quote:

-A POSTROUTING -s 192.168.4.6 -p tcp -m tcp --dport 9111 -j SNAT --to-source 202.152.251.6
-A POSTROUTING -s 192.168.5.0/255.255.255.0 -j MASQUERADE

win32sux 05-13-2010 07:34 PM

Quote:

-A POSTROUTING -s 192.168.4.6 -p tcp -m tcp --dport 9111 -j SNAT --to-source 202.152.251.6
This rule says: If this is a TCP packet, with source address 192.168.4.6, and destination port 9111, change the source address to 202.152.251.6.

Quote:

-A POSTROUTING -s 192.168.5.0/255.255.255.0 -j MASQUERADE
This rule says: If this packet has a source address within the 192.168.5.0/255.255.255.0 netblock, change the source address to whatever the primary IP of the outbound interface is.
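
As an added illustration of the two rules explained above (not code from this thread, and iptables itself is not run), here is a small Python model of how the nat table's POSTROUTING chain evaluates them: first matching rule wins, SNAT rewrites to a fixed address, MASQUERADE rewrites to the primary address of whatever interface the packet leaves on. The interface address table and the packets are constructed for the example; note that the first rule has no -o match, so the model applies it on every outbound interface, exactly as the kernel would.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed for this example: the primary address MASQUERADE would pick
# for each outbound interface. The address for eth0 is the --to-source
# value from the thread; ppp0 is a hypothetical second uplink.
IFACE_PRIMARY_IP = {
    "eth0": "202.152.251.6",
    "ppp0": "10.200.0.17",
}


@dataclass
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp", "icmp", ...
    dport: Optional[int]    # None for protocols without ports
    out_iface: str          # interface the routing decision chose


@dataclass
class NatRule:
    src_net: ipaddress.IPv4Network          # -s
    proto: Optional[str] = None             # -p
    dport: Optional[int] = None             # --dport
    out_iface: Optional[str] = None         # -o; None means "any interface"
    target: str = "MASQUERADE"              # -j SNAT or -j MASQUERADE
    to_source: Optional[str] = None         # --to-source (SNAT only)

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in self.src_net:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.out_iface is not None and pkt.out_iface != self.out_iface:
            return False
        return True


# The two rules from the original post, as the kernel would hold them.
POSTROUTING = [
    NatRule(ipaddress.ip_network("192.168.4.6/32"), proto="tcp", dport=9111,
            target="SNAT", to_source="202.152.251.6"),
    NatRule(ipaddress.ip_network("192.168.5.0/255.255.255.0"),
            target="MASQUERADE"),
]


def postrouting(pkt: Packet, chain=POSTROUTING) -> Tuple[Optional[int], str]:
    """Walk the chain top to bottom and return (index of the rule that fired,
    source address after NAT). Returns (None, original source) when no rule
    matches, i.e. the packet leaves with its private address unchanged.

    The real kernel consults the nat table only for the first packet of a
    connection; every later packet, and the replies, follow the conntrack
    entry created then. This model evaluates one packet in isolation.
    """
    for idx, rule in enumerate(chain):
        if not rule.matches(pkt):
            continue
        if rule.target == "SNAT":
            return idx, rule.to_source
        # MASQUERADE: use the primary address of the outbound interface.
        return idx, IFACE_PRIMARY_IP[pkt.out_iface]
    return None, pkt.src


if __name__ == "__main__":
    samples = [
        Packet("192.168.4.6", "203.0.113.9", "tcp", 9111, "eth0"),   # rule 1
        Packet("192.168.4.6", "203.0.113.9", "tcp", 443, "eth0"),    # no match
        Packet("192.168.5.20", "203.0.113.9", "udp", 53, "eth0"),    # rule 2
        Packet("192.168.5.20", "203.0.113.9", "udp", 53, "ppp0"),    # rule 2, other uplink
        Packet("192.168.4.6", "192.168.5.3", "tcp", 9111, "eth1"),   # rule 1 on a LAN interface
    ]
    for p in samples:
        print(p.src, "->", p.dst, "via", p.out_iface, "=>", postrouting(p))
```

The second sample is the practical point: a connection from 192.168.4.6 to any port other than 9111 is matched by neither rule and leaves with its private source address, while the last sample shows the SNAT rule firing even when the packet is headed for another internal interface, because the rule carries no -o restriction.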

IRIGHTI 05-13-2010 08:19 PM

I don't believe your first rule is necessary, and it looks to be detrimental considering you didn't specify an interface. Then again I may be missing something.

salasi 05-14-2010 04:21 AM

Quote:

Originally Posted by IRIGHTI (Post 3967703)
Then again I may be missing something.

You probably are, since the OP gave two rules and no context. It seems to be an odd thing to want to do, but I'm not sure that you can say much more than that if you do not know anything about the network set-up and nothing about the rest of the iptables ruleset.

sang_froid 05-14-2010 09:12 AM

Thank you for the reply. I also don't know why the first rule has been kept.

In that case, the second rule basically does NATting... am I correct?

HasC 05-14-2010 10:01 AM

Perhaps the first rule is for some sort of server listening on 192.168.4.6:9111.

win32sux 05-14-2010 03:16 PM

Quote:

Originally Posted by sang_froid (Post 3968419)
In that case, the second rule basically does NATting... am I correct?

They both do NAT.
