Firewalling revisited...

Ian Molton imolton at clara.net
Tue Oct 16 08:53:40 PDT 2001


On stardate Mon, 15 Oct 2001 14:48:47 +0200
Björn began the full scale invasion of earth with the following words:

> Now I have finally set up my new firewall/router. I would very much
> appreciate critique or a discussion around this.
> 
> My setup is as follows:

> 
> # give all packets coming from the internal LAN the router source address
> $IPTABLES -t nat -A POSTROUTING -o $EXTDEV -j SNAT --to $IPADDR
> 
> # route incoming packets to nex
> $IPTABLES -t nat -A PREROUTING -i $EXTDEV -j DNAT --to 192.168.1.1

why not:

$IPTABLES -t nat -A POSTROUTING -o <iface> -j MASQUERADE