Simple NAT Q
Denis Ducamp
Denis.Ducamp@hsc.fr
Thu, 13 Jul 2000 03:21:56 +0200
On Tue, Jul 11, 2000 at 12:31:51AM +1000, Brett Mason wrote:
> Sorry for being so stupid but I'm having trouble getting something really
> simple to work.
Everybody is from time to time ;-)
> I just want to NAT all traffic fromthe 192.168.1.0/24 subnet so it can
> have access to the internet.
>
> Can you please show me how this is done.
>
> I currently have:
> -------------
> iptables -t nat -F POSTROUTING
>
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to 144.132.68.111
Does paquets goes out from eth0 or not ?
What is there in /proc/net/ip_conntrack during tests ?
Your command should work but the more simple is to have :
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
But try to verify that your firewall forwards paquets :
# cat /proc/sys/net/ipv4/ip_forward
1
else :
# echo 1 > /proc/sys/net/ipv4/ip_forward
Denis.
--
Denis.Ducamp@hsc.fr -- Hervé Schauer Consultants -- http://www.hsc.fr/