[CentOS] Iptables masq traffic limiting
mlists at zoominternet.net
Fri Aug 29 21:40:38 UTC 2008
On Friday 29 August 2008 17:26, Joseph L. Casale wrote:
> Where is the correct place to control what traffic is masq'ed out?
> This is what I have, but I was told the Forward chain isn't the right
> place to do this?
> iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
> iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 80,443 -j ACCEPT
> So which table is the theoretically correct place to add all the
> ports/services I would want masq'ed out for internal clients?
Postrouting is the correct one. After everything is routed, it is MASQ'ed before
leaving the interface.
Smile... it increases your face value!
Linux User #296285
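
Added example, not part of the original thread: a shell function that prints an iptables-restore ruleset with the MASQUERADE rule in nat POSTROUTING limited to chosen TCP ports, as the reply describes. It keeps the question's FORWARD rules on the same ports with a DROP policy, so traffic that is not masqueraded is not forwarded out with private source addresses. The function name, `eth0`/`eth1` and the input checks are assumptions for illustration.

```shell
#!/bin/sh
# Added example (constructed): print an iptables-restore ruleset that
# masquerades only selected TCP destination ports on the WAN interface.
# Loading it replaces the current nat and filter rules, so merge it into
# an existing ruleset rather than applying it blindly.

# gen_masq_rules WAN LAN PORTS   (PORTS is comma-separated, e.g. 80,443)
gen_masq_rules() {
    wan=$1 lan=$2 ports=$3

    # Accept only digits and single commas so the port list cannot carry
    # extra iptables options into the generated rules.
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "bad port list: $ports" >&2; return 1 ;;
    esac
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -p tcp -m multiport --dports $ports -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -p tcp -m multiport --dports $ports -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Sample values (assumptions): eth0 = WAN, eth1 = LAN, ports from the question.
gen_masq_rules eth0 eth1 80,443
```

Piping the output to `iptables-restore --test` as root parses the rules without committing them.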