[CentOS] Iptables masq traffic limiting

Joseph L. Casale JCasale at activenetwerx.com
Fri Aug 29 21:52:22 UTC 2008


>Postrouting is the correct one.  After everything is routed it is MASQ before
>leaving the interface.

That makes sense, but I am stuck at making the transition, should I simply
pull the port specifications from my third line in the FORWARD chain to the
first line in the POSTROUTING chain?

iptables -A POSTROUTING -t nat -o $WAN -p tcp -m multiport --dports 80,443 -j MASQUERADE
iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Does that look groovy?

Thanks!
jlc




More information about the CentOS mailing list