[CentOS] Iptables masq traffic limiting
Robert Spangler
mlists at zoominternet.net
Fri Aug 29 21:40:38 UTC 2008
On Friday 29 August 2008 17:26, Joseph L. Casale wrote:
> Where is the correct place to control what traffic is masq'ed out?
> This is what I have, but I was told the Forward chain isn't the right
> place to do this?
>
> iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
> iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 80,443 -j ACCEPT
>
> So which table is the theoretically correct place to add all the
> ports/services I would want masq'ed out for internal clients?
Postrouting is the correct one. After everything is routed, it is MASQ'ed before
leaving the interface.
--
Regards
Robert
Smile... it increases your face value!
Linux User #296285
http://counter.li.org