iptables question

sang_froid · 05-13-2010, 07:31 PM

Hi,
I am not clearly getting the following two Iptables rules...can anyone shed some light on it ?

Thank you

Quote:

-A POSTROUTING -s 192.168.4.6 -p tcp -m tcp --dport 9111 -j SNAT --to-source 202.152.251.6

-A POSTROUTING -s 192.168.5.0/255.255.255.0 -j MASQUERADE

win32sux · 05-13-2010, 07:34 PM

Quote:

-A POSTROUTING -s 192.168.4.6 -p tcp -m tcp --dport 9111 -j SNAT --to-source 202.152.251.6

This rule says: If this is a TCP packet, with source address 192.168.4.6, and destination port 9111, change the source address to 202.152.251.6.

Quote:

-A POSTROUTING -s 192.168.5.0/255.255.255.0 -j MASQUERADE

This rule says: If this packet has a source address within the 192.168.5.0/255.255.255.0 netblock, change the source address to whatever the primary IP of the outbound interface is.

IRIGHTI · 05-13-2010, 08:19 PM

I don't believe your first rule is necessary, and it looks to be detrimental considering you didn't specify an interface. Then again I may be missing something.

salasi · 05-14-2010, 04:21 AM

Quote:

Originally Posted by IRIGHTI

Then again I may be missing something.

You probably are, since the OP gave two rules and no context. It seems to be an odd thing to want to do, but I'm not sure that you can say much more than that if you do not know anything about the network set-up and nothing about the rest of the iptables ruleset.

sang_froid · 05-14-2010, 09:12 AM

Thank you for the reply. I also don't know why the first rule has been kept.

In that case, the second rule bascially does NATTING...am i correct ?

HasC · 05-14-2010, 10:01 AM

Perhaps the first rule it's for some sort of server listening on 192.168.4.6:9111

win32sux · 05-14-2010, 03:16 PM

Quote:

Originally Posted by sang_froid

In that case, the second rule bascially does NATTING...am i correct ?

They both do NAT.