LinuxQuestions.org
10-28-2011, 04:31 PM   #1
clcbluemont
Distribution: Slackware
Iptables IP exception


I need to allow a single IP address (192.168.2.10) through without it being NAT'd. The following allows the first packets to come through un-NAT'd; however, subsequent packets are NAT'd. Why?
*filter
:INPUT ACCEPT [357:35201]
:FORWARD ACCEPT [460:44968]
:OUTPUT ACCEPT [1019:153885]
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth0 -o eth1.172 -j ACCEPT
-A FORWARD -i eth1.172 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [506:53317]
:POSTROUTING ACCEPT [849:88424]
:OUTPUT ACCEPT [508:52788]
-A POSTROUTING -s ! 192.168.2.10/32 -o eth1.172 -j MASQUERADE
-A POSTROUTING -o eth1.172 -j MASQUERADE
COMMIT

Thank you for any thoughts.
 
10-28-2011, 04:55 PM   #2
clcbluemont
Solved Iptables Nat exception

Solved. I replaced:
-A POSTROUTING -s ! 192.168.2.10/32 -o eth1.172 -j MASQUERADE
-A POSTROUTING -o eth1.172 -j MASQUERADE

with
-A POSTROUTING -s ! 192.168.2.10/32 -o eth1.172 -j MASQUERADE

Just need to see how I would handle multiple ranges now.
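
Added example (not part of the original posts): a small Python model of first-match evaluation in the nat POSTROUTING chain, run against the two rulesets from this thread. It goes beyond the thread to show one common way to exempt several ranges, with ACCEPT rules placed ahead of a single MASQUERADE; the extra range 10.0.5.0/24 and the names `parse_rule`, `verdict`, `ORIGINAL`, `FIXED` and `MULTI` are constructed for illustration.

```python
import ipaddress
import shlex

def parse_rule(line):
    """Parse the subset of iptables-save syntax used in this thread:
    -A CHAIN [-s [!] NET | ! -s NET] [-o IFACE] -j TARGET
    Only source negation is supported."""
    tok = shlex.split(line)
    rule = {"src": None, "negate": False, "out": None, "target": None}
    i = 2  # skip "-A CHAIN"
    while i < len(tok):
        if tok[i] == "!":                  # modern form: ! -s NET
            rule["negate"] = True
            i += 1
        elif tok[i] == "-s":
            if tok[i + 1] == "!":          # old form used in the posts: -s ! NET
                rule["negate"] = True
                i += 1
            rule["src"] = ipaddress.ip_network(tok[i + 1], strict=False)
            i += 2
        elif tok[i] in ("-o", "-j"):
            rule["out" if tok[i] == "-o" else "target"] = tok[i + 1]
            i += 2
        else:
            raise ValueError("unsupported token: " + tok[i])
    return rule

def verdict(rules, src, out_iface, policy="ACCEPT"):
    """First matching rule wins; later rules are never consulted.
    The nat table is traversed for the first packet of a connection,
    and the result is reused for the rest of that flow."""
    ip = ipaddress.ip_address(src)
    for r in map(parse_rule, rules):
        if r["out"] is not None and r["out"] != out_iface:
            continue
        if r["src"] is not None and (ip in r["src"]) == r["negate"]:
            continue
        return r["target"]
    return policy  # chain policy ACCEPT: packet leaves without NAT

# Rules copied from the thread.
ORIGINAL = ["-A POSTROUTING -s ! 192.168.2.10/32 -o eth1.172 -j MASQUERADE",
            "-A POSTROUTING -o eth1.172 -j MASQUERADE"]
FIXED = ORIGINAL[:1]
# Constructed extension: one ACCEPT per exempt source, then MASQUERADE the rest.
MULTI = ["-A POSTROUTING -s 192.168.2.10/32 -o eth1.172 -j ACCEPT",
         "-A POSTROUTING -s 10.0.5.0/24 -o eth1.172 -j ACCEPT",
         "-A POSTROUTING -o eth1.172 -j MASQUERADE"]
```

In the model, 192.168.2.10 skips the negated rule in `ORIGINAL` and is then caught by the unconditional MASQUERADE that follows it, which is the rule the second post removes.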
 
  


All times are GMT -5.