[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] nat of locally generated connections (correction)



Hello,

I use

iptables -t nat -I POSTROUTING <packet matching options> \
               -j SNAT --to-source <addr>

on non-dynamic connections. I just tried, it also works with
"-j MASQUERADE" in POSTROUTING. Make sure your kernel config has CONFIG_IP_NF_NAT_LOCAL=y. At least that is necessary for SNAT. The default kernel for SuSE9.0 comes with CONFIG_IP_NF_NAT_LOCAL=n, so you probably need to build your own kernel.

hth
Matthias

--On Tuesday, January 27, 2004 11:14:40 +0100 BLeonhardt@xxxxxxxxxxx wrote:
I'll correct my statement : it shouldn't work - MASQUERADE is only valid
for POSTORUTING :-( ... but how do I do that instead ?

didn't find anything useful yet - even not at netfilter.org in the nat
howtos...

I need to masq locally generated outgoing packets for dynamic ip ...

-bruno


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here