Lan to Wan reprise - Solved
Claude Jones
claude_jones at levitjames.com
Mon Mar 14 07:23:13 UTC 2005
Jeff Vian wrote:
>
>>
>> I have not used tcpdump in some time, but that does not look correct for
>> the external interface.
>>
>> 192.168.2.253 and 10.0.4.62 are both private addresses. You may have
>> forwarding on but not masquerading. If that is true the it goes out but
>> never gets back.....
>>
>>
This turned out to be the same solution as last time I had this problem,
but, the whole reason has me stumped.
iptables -t nat -A POSTROUTING -o 66.225.207.87 -j MASQUERADE
The addition of this line did it. Most of the scripts I've been trying,
and tutorials, and the manual for iptables itself, say don't use
MASQUERADE for static IP addresses.
"This target is only valid in the nat table, in the POSTROUTING
chain. It should only be used with dynamically assigned IP (dialup)
connections: if you have a static IP address, you
should use the SNAT target." -- from the man for iptables in FC3. When I
brought the working machine home, it was still configured with
MASQUERADE, and it was only when things refused to work that I started
getting into more involved firewall scripting. Every tutorial I read
said not to use MASQUERADE for static IP addresses, so I eventually
configured my script without it -- so, why does it work???
If anyone reads this could you point your browser at
http://66.225.207.87 and tell me if it returns a page "Creative Media
Associates" so I can know if http server is up.
--
Claude Jones
Bluemont, VA, USA
More information about the fedora-list
mailing list