[CentOS] Iptables masq traffic limiting

Joseph L. Casale JCasale at activenetwerx.com
Fri Aug 29 21:26:11 UTC 2008


Where is the correct place to control what traffic is masq'ed out?
This is what I have, but I was told the Forward chain isn't the right place to do this?

iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 80,443 -j ACCEPT

So which table is the theoretically correct place to add all the ports/services
I would want masq'ed out for internal clients?

Thanks!
jlc


More information about the CentOS mailing list