MASQUERADE

Pete Nesbitt pete at linux1.ca
Fri Jun 11 01:39:47 UTC 2004


On June 9, 2004 05:26 pm, hanfamily at earthlink.net wrote:
> Hi,
> I've been trying to get Masquerade working on my new RHEL system all
> week. I tried clearing the iptables the setup created and making
> a test set, but it didn't work. Then I read you needed to load the
> ipt_MASQUERADE module; since it wasn't loaded, I tried using insmod
> to load it. I get the following error:
> .../ipt_MASQUERADE.o unresolved symbol ip_nat_setup_info_R1nf023n8
> Any idea how to get it to load?
> Also, is there somewhere I can find how redhat-config-securitylevel
> gets its syntax? I can't figure out how it decides which modules
> to load at start up, but I see where it loads them in /etc/rc.d/iptables
> using the /etc/sysconfig/iptables to decide what to do. I am worried that
> if I just replace /etc/sysconfig/iptables with my own set it will break
> things. If I ever get this to work, do I need to replace /etc/rc.d/iptables
> with the new iptables and have it start with /sbin/insmod to load the
> modules instead?
>                  Thanks
>                  Linda


Hi Linda,
I have found the best method for setting up iptables is to not use
redhat-config-securitylevel (mostly because I find the syntax confusing). I
either just put all the rules in the init script (/etc/init.d/iptables), or
else call a separate file from the init script. Either way, I like the
regular netfilter rules (as opposed to the redhat-config-securitylevel
format).

As far as getting masquerading going, if it is just for outbound traffic, you
just need to use the POSTROUTING chain.

The order of the rules should generally be:
prerouting
postrouting
input
forward
output
custom chains called from and returned to one of the above


Here is an excerpt from my firewall to masquerade all my outbound LAN and DMZ
(just a web server) traffic:
# outbound LAN & web server connections are all masqueraded
$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $LAN_RANGE -j MASQUERADE
$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER -j MASQUERADE

Hope that helps.
-- 
Pete Nesbitt, rhce
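
Added example, not part of the original message or of Pete's firewall: a shell function that prints an iptables-restore ruleset (the format used by /etc/sysconfig/iptables) for outbound-only masquerading, pairing the POSTROUTING rule above with a default-drop FORWARD chain. The function name, the INT_IF argument, the FORWARD rules and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# gen_masq_rules EXT_IF INT_IF LAN_RANGE   (hypothetical helper, added example)
# Prints the ruleset on stdout. Returns 1 on malformed arguments so that
# nothing unvalidated ends up in a file later fed to iptables-restore.
gen_masq_rules() {
    ext_if=$1 int_if=$2 lan=$3

    # Interface names: alphanumerics plus . _ - only (no spaces, no newlines).
    for i in "$ext_if" "$int_if"; do
        case $i in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $i" >&2; return 1 ;;
        esac
    done
    [ "$ext_if" != "$int_if" ] || { echo "interfaces must differ" >&2; return 1; }

    # Source range must look like a.b.c.d/len; iptables-restore does the
    # strict parsing, this only keeps stray characters out of the file.
    case $lan in
        ''|*[!0-9./]*|*/*/*) echo "bad range: $lan" >&2; return 1 ;;
        *.*.*.*/*) ;;
        *) echo "bad range: $lan" >&2; return 1 ;;
    esac

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $ext_if -s $lan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth0 faces the Internet, eth1 the LAN.
# INPUT/OUTPUT are left at ACCEPT only because host rules are out of scope here.
gen_masq_rules eth0 eth1 192.168.1.0/24
```

The output can be checked with `iptables-restore --test` before it is loaded. Forwarding also has to be enabled in the kernel (`sysctl -w net.ipv4.ip_forward=1`) for masqueraded traffic to pass.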




