MASQUERADE

Sasa Stupar sasa at stupar.homelinux.net
Fri Jun 11 08:54:47 UTC 2004


Pete Nesbitt wrote:

> On June 9, 2004 05:26 pm, hanfamily at earthlink.net wrote:
> 
>>Hi,
>>I've been trying to get Masquerade working on my new RHEL system all
>>week. I tried clearing the iptables the setup created and making
>>a test set, but it didn't work. Then I read you needed to load the
>>ipt_MASQUERADE module; since it wasn't loaded I tried using insmod
>>to load it. I get the following error:
>>.../ipt_MASQUERADE.o unresolved symbol ip_nat_setup_info_R1nf023n8
>>Any idea how to get it to load?
>>Also, is there somewhere I can find how redhat-config-securitylevel
>>gets its syntax, since I can't figure out how it decides which modules
>>to load at start up, but I see where it loads them in /etc/rc.d/iptables
>>using the /etc/sysconfig/iptables to decide what to do. I am worried that
>>if I just replace /etc/sysconfig/iptables with my own set it will break
>>things. If I ever get this to work, do I need to replace /etc/rc.d/iptables
>>with the new iptables and have it start with /sbin/insmod to load the
>>modules instead?
>>                 Thanks
>>                 Linda
> 
> 
> 
> Hi Linda,
> I have found the best method for setting up iptables is to not use the 
> redhat-config-securitylevel (mostly because I find the syntax confusing). I 
> either just put all the rules in the init script (/etc/init.d/iptables), or 
> else call a separate file from the init script. Either way, I like the 
> regular netfilter rules (as opposed to the redhat-config-securitylevel 
> format).
> 
> As far as getting masquerading going, if it is just for outbound traffic, you 
> just need to use the POSTROUTING chain. 
> 
> The order of the rules should generally be:
> prerouting
> postrouting
> input
> forward
> output
> custom chains called from and returned to one of the above
> 
> 
> Here is an excerpt from my firewall to masquerade all my outbound LAN and DMZ 
> (just a web server) traffic:
> # outbound LAN & web server connections are all masqueraded
> $IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $LAN_RANGE -j MASQUERADE
> $IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER -j MASQUERADE
> 
> Hope that helps.

Or even better: use a GUI tool called Firestarter 
http://firestarter.sourceforge.net
Very easy to set up your iptables.
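
An added example, not part of the thread: whichever tool writes the rules, the resulting NAT table can be checked for MASQUERADE rules that lack the outbound-interface (-o) and source (-s) matches used in the excerpt quoted above. The function names audit_masq and sample_rules are hypothetical, the input is assumed to be iptables-save text, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). audit_masq and sample_rules are
# hypothetical names; input is text in iptables-save format.

# Print one line per nat/POSTROUTING MASQUERADE rule read from stdin:
#   "OK <rule>"               rule has both -o and -s
#   "BROAD(<missing>) <rule>" rule lacks -o and/or -s
audit_masq() {
    awk '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }  # e.g. "*nat"
        $0 == "COMMIT"          { table = ""; next }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            masq = 0; has_o = 0; has_s = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
                if ($i == "-o" || $i == "--out-interface") has_o = 1
                if ($i == "-s" || $i == "--source") has_s = 1
            }
            if (!masq) next
            missing = ""
            if (!has_o) missing = "-o"
            if (!has_s) missing = (missing == "") ? "-s" : (missing ",-s")
            if (missing == "") print "OK " $0
            else print "BROAD(" missing ") " $0
        }
    '
}

# Constructed sample dump; addresses and interface names are made up.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.2.10/32 -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_masq
```

On a live system the same function can be fed from iptables-save instead of the sample, e.g. iptables-save | audit_masq.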

