Re: Lan to Wan reprise - Solved

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jeff Vian wrote:



I have not used tcpdump in some time, but that does not look correct for the external interface.

192.168.2.253 and 10.0.4.62 are both private addresses.  You may have
forwarding on but not masquerading.  If that is true the it goes out but
never gets back.....


This turned out to be the same solution as last time I had this problem, but, the whole reason has me stumped.

iptables -t nat -A POSTROUTING -o 66.225.207.87 -j MASQUERADE

The addition of this line did it. Most of the scripts I've been trying, and tutorials, and the manual for iptables itself, say don't use MASQUERADE for static IP addresses.
"This target is only valid in the nat table, in the POSTROUTING chain. It should only be used with dynamically assigned IP (dialup) connections: if you have a static IP address, you
should use the SNAT target." -- from the man for iptables in FC3. When I brought the working machine home, it was still configured with MASQUERADE, and it was only when things refused to work that I started getting into more involved firewall scripting. Every tutorial I read said not to use MASQUERADE for static IP addresses, so I eventually configured my script without it -- so, why does it work???


If anyone reads this could you point your browser at http://66.225.207.87 and tell me if it returns a page "Creative Media Associates" so I can know if http server is up.

--
Claude Jones
Bluemont, VA, USA


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux