MASQUERADE
Sasa Stupar
sasa at stupar.homelinux.net
Fri Jun 11 08:54:47 UTC 2004
Pete Nesbitt wrote:
> On June 9, 2004 05:26 pm, hanfamily at earthlink.net wrote:
>
>>Hi,
>>I've been trying to get Masquerade working on my new RHEL system all
>>week. I tried clearing the iptables the setup created and making
>>a test set, but it didn't work. Then I read you needed to load the
>>ipt_MASQUERADE module; since it wasn't loaded, I tried using insmod
>>to load it. I get the following error:
>>.../ipt_MASQUERADE.o unresolved symbol ip_nat_setup_info_R1nf023n8
>>Any idea how to get it to load?
>>Also, is there somewhere I can find how redhat-config-securitylevel
>>gets its syntax? I can't figure out how it decides which modules
>>to load at start up, but I see where it loads them in /etc/rc.d/iptables
>>using /etc/sysconfig/iptables to decide what to do. I am worried that
>>if I just replace /etc/sysconfig/iptables with my own set it will break
>>things. If I ever get this to work, do I need to replace /etc/rc.d/iptables
>>with the new iptables and have it start with /sbin/insmod to load the
>>modules instead?
>> Thanks
>> Linda
>
>
>
> Hi Linda,
> I have found the best method for setting up iptables is to not use the
> redhat-config-securitylevel (mostly because I find the syntax confusing). I
> either just put all the rules in the init script (/etc/init.d/iptables), or
> else call a separate file from the init script. Either way, I like the
> regular netfilter rules (as opposed to the redhat-config-securitylevel
> format).
>
> As far as getting masquerading going, if it is just for outbound traffic, you
> just need to use the POSTROUTING chain.
>
> The order of the rules should generally be:
> prerouting
> postrouting
> input
> forward
> output
> custom chains called from and returned to one of the above
>
>
> Here is an excerpt from my firewall to masquerade all my outbound LAN and DMZ
> (just a web server) traffic:
> # outbound LAN & web server connections are all masqueraded
> $IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $LAN_RANGE -j MASQUERADE
> $IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER -j MASQUERADE
>
> Hope that helps.
Or even better: use the GUI tool called Firestarter
http://firestarter.sourceforge.net
Very easy to set up your iptables.
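As an added example (not from anyone in this thread), here is a minimal outbound-only masquerading script in the style of Pete's excerpt, extended with the forwarding rules, ip_forward sysctl and module load that the excerpt leaves out. The interface names and LAN range are assumed placeholders; set IPT=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example: outbound-only NAT for a LAN behind a Linux box.
# Assumed placeholders: eth0 = Internet-facing, eth1 = LAN, 192.168.1.0/24 = LAN.
IPT="${IPT:-/sbin/iptables}"
EXT_IF="${EXT_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_RANGE="${LAN_RANGE:-192.168.1.0/24}"

# Emit the rule set as text so it can be inspected before it touches the kernel.
# MASQUERADE in POSTROUTING only rewrites addresses; the FORWARD rules are what
# limit forwarding to LAN-initiated connections and their replies.
masq_rules() {
    cat <<EOF
-t nat -A POSTROUTING -o $EXT_IF -s $LAN_RANGE -j MASQUERADE
-A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_RANGE -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $EXT_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j DROP
EOF
}

# Apply the rules one by one (or just print them when IPT=echo).
apply_rules() {
    if [ "$IPT" != "echo" ]; then
        # modprobe pulls in the modules ipt_MASQUERADE depends on, which a
        # bare insmod does not; harmless if NAT is built into the kernel.
        /sbin/modprobe ipt_MASQUERADE 2>/dev/null || true
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
    masq_rules | while read -r rule; do
        # Word-splitting $rule into arguments is intended here.
        $IPT $rule
    done
}

# Usage: sh masq.sh apply   (run as root)
#        IPT=echo sh masq.sh apply   (dry run: print the commands)
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```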