Nathaniel Hall wrote:
> I am wanting to create a Fedora IPTables firewall that does not
> masquerade. I have never been able to get this to work correctly, so
> I am pretty sure I am missing something.
>
> I want to be able to use this firewall to allow/deny traffic as I
> specify without changing the IP of the source.
>
> Another firewall is between this firewall and the Internet, so NAT is
> performed at that firewall. I would, however, like to be able to
> specify a range, or list, of IP addresses that do masquerade (due to
> licensing issues) to the IP of the firewall.

The masquerading you want needs to be performed on that "other"
firewall between you and the internet. If you try to do it on the
local machine, the reply packets will never make it back to you since
they will have the destination address of the firewall machine.

--
Bob Nichols Yes, "NOSPAM" is really part of my email address.