MASQUERADE and SNAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is really a continuation of a thread "Lan to Wan reprise" but
with a diverging topic. Perhaps someone who didn't follow the
first thread may pick up on this subject line and offer an
explanation. 

I recently have had to configure the same Linux box in two
different locations. This machine is serving as a router, web
gateway, dhcp controller for my lan, and web server, among other
things. I had a huge hassle configuring the first time, because
the iptables manual, and numerous tutorials I used on the net all
said to configure my iptables with SNAT to allow access to the net
from inside the lan. FC3's iptables manual is explicit about this:
SNAT is for use with static IP addresses and MASQUERADE is for use
with dynamic ones, they cite dialup. Despite this, after many
hassles, I believe it was Scot H who suggested I had to implement
MASQUERADE, even in my configuration. The same problem just
reoccurred at home. I began having problems as soon as I brought
the machine home, and that led to a concatenated series of
trial-and-error attempts, that led to my turning off MASQUERADE;
in the end, when I got everything else configured right, the final
step was to turn MASQUERADE back on. 

So, my questions: Is this a product of my imperfect reading of the
manual, an instance of wrong documentation, a bit of both? By
using MASQUERADE and not SNAT, have I exposed my box to any
mischief? 

Claude Jones
Bluemont, VA, USA 



 



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux