[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] nat of locally generated connections (correction)
iptables -t nat -I POSTROUTING <packet matching options> \
-j SNAT --to-source <addr>
on non-dynamic connections. I just tried, it also works with
"-j MASQUERADE" in POSTROUTING. Make sure your kernel config has
CONFIG_IP_NF_NAT_LOCAL=y. At least that is necessary for SNAT. The default
kernel for SuSE9.0 comes with CONFIG_IP_NF_NAT_LOCAL=n, so you probably
need to build your own kernel.
--On Tuesday, January 27, 2004 11:14:40 +0100 BLeonhardt@xxxxxxxxxxx wrote:
I'll correct my statement : it shouldn't work - MASQUERADE is only valid
for POSTORUTING :-( ... but how do I do that instead ?
didn't find anything useful yet - even not at netfilter.org in the nat
I need to masq locally generated outgoing packets for dynamic ip ...
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here