IPTables Help

Robert Nichols rnicholsNOSPAM at comcast.net
Thu Jun 23 23:06:12 UTC 2005


Nathaniel Hall wrote:
> I am wanting to create a Fedora IPTables firewall that does not
> masquerade.  I have never been able to get this to work correctly, so
> I am pretty sure I am missing something.
>
> I want to be able to use this firewall to allow/deny traffic as I
> specify without changing the IP of the source.  Another firewall is
> between this firewall and the Internet, so NAT is performed at that
> firewall.  I would, however, like to be able to specify a range, or
> list, of IP addresses that do masquerade (due to licensing issues) to
> the IP of the firewall.

The masquerading you want needs to be performed on that "other"
firewall between you and the internet.  If you try to do it on
the local machine, the reply packets will never make it back to you
since they will have the destination address of the firewall
machine.

-- 
Bob Nichols         Yes, "NOSPAM" is really part of my email address.



