[CentOS] Iptables masq traffic limiting

Fri Aug 29 21:40:38 UTC 2008
Robert Spangler <mlists at zoominternet.net>

On Friday 29 August 2008 17:26, Joseph L. Casale wrote:

>  Where is the correct place to control what traffic is masq'ed out?
>  This is what I have, but I was told the Forward chain isn't the right
> place to do this?
>  iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
>  iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
>  iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 80,443 -j ACCEPT
>  So which table is the theoretically correct place to add all the
> ports/services I would want masq'ed out for internal clients?

POSTROUTING is the correct one.  After everything is routed, it is MASQ'ed
before leaving the interface.



Smile... it increases your face value!
Linux User #296285
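
Added example, not part of the original thread: a small POSIX shell generator that puts the port match on the MASQUERADE rule in nat POSTROUTING, as the reply suggests, and keeps the poster's two FORWARD rules. The function names, the interface names `eth0`/`eth1` and the validation limits are assumptions made for this example; it only prints the rules and never applies them.

```shell
#!/bin/sh
# Prints (does not apply) a port-limited masquerade ruleset.
# Interface names and ports below are constructed sample values.

# Interface names: 1-15 chars from a safe set, so nothing can inject options.
valid_iface() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*|-*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Port list: comma-separated, each 1-65535, at most 15 (the multiport limit).
# Runs in a subshell so the IFS and globbing changes do not leak.
valid_ports() (
    case $1 in
        ''|*[!0-9,]*|,*|*,|*,,*) exit 1 ;;
    esac
    IFS=,; set -f; count=0
    for p in $1; do
        [ "${#p}" -le 5 ] && [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || exit 1
        count=$((count + 1))
    done
    [ "$count" -le 15 ]
)

# masq_rules WAN LAN PORTS: emit the rules, or fail without any output.
masq_rules() {
    wan=$1; lan=$2; ports=$3
    valid_iface "$wan" && valid_iface "$lan" && valid_ports "$ports" || return 1
    # nat only translates: traffic that does not match the MASQUERADE rule is
    # not dropped there, so the FORWARD rules still decide what may leave.
    cat <<EOF
iptables -t nat -A POSTROUTING -o $wan -p tcp -m multiport --dports $ports -j MASQUERADE
iptables -A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports $ports -j ACCEPT
EOF
}

# Sample run with the ports from the question.
masq_rules eth0 eth1 80,443
```

Review the printed rules before piping them to a shell; the FORWARD chain policy is not set here and is left to the existing ruleset.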