mett <m...@pmars.jp> wrote:
> I end up with the script below working perfectly,
> except if I use both following rules at the beginning of the script.
> iptables -t nat -F
> iptables -t mangle -F

I would imagine it's because something else (your PPP connection, perhaps) has already placed necessary rules in those two tables:

iptables -t nat --line-numbers -nvL

> # Masquerade <=> Changed to SNAT(seemed wiser in my situation after
> # reading doc...).
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j SNAT
> --to-source EXT.FIX.IP.ADD

MASQUERADE is required for dynamic IP addresses, as it does not maintain its connection table if the interface drops. It can be useful for static ones if you want the same behaviour. The advantage of SNAT is really for long-lived connections forwarding through the firewall device that don't need to worry if the interface momentarily drops.

Chris
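
The reply above suggests that flushing nat and mangle removes rules something else installed; that can be checked before flushing. This is an added example, not part of the original thread: it lists the rules that `-F` would delete, read from an `iptables-save` dump. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not from the poster's machine).
sample_ruleset() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints "table: rule" for every rule
# in the tables named as arguments. `iptables -t <table> -F` deletes exactly
# these "-A" rules; chain policies (the ":CHAIN ..." lines) are left alone.
rules_lost_by_flush() {
    awk -v want=" $* " '
        /^\*/  { table = substr($0, 2); next }   # "*nat" opens a table section
        /^-A / { if (index(want, " " table " ")) print table ": " $0 }
    '
}

# Live use, as root:  iptables-save | rules_lost_by_flush nat mangle
sample_ruleset | rules_lost_by_flush nat mangle
```

Any rule it prints that your own script does not re-create is a candidate for what breaks after the two flush commands.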