On Thu, 2002-08-01 at 09:21, Jason Costomiris wrote:
> On Wed, Jul 31, 2002 at 10:07:07PM -0400, C. Linus Hicks wrote:
> : On Wed, 2002-07-31 at 16:33, Anthony E. Greene wrote:
> : > This is why I generally recommend creating a shell script that creates all
> : > firewall rules, then saves them using "service iptables save". You update
> : > the script, run it, and the changes are made and saved. The next time you
> : > reboot and/or restart iptables, the changes created by the custom shell
> : > script are re-applied as part of the normal initscript process.
> :
> : That doesn't solve the problem when the act of booting may cause a new
> : IP address to be assigned.
>
> Anthony's correct - make sure you've got a script, so changes are easy
> to make.
>
> More to the point, however, is you've been told twice, this will be the
> third time about how to get your problem solved. Don't reference the
> external IP address in your NAT rule. There's no reason to SNAT an
> entire subnet - SNAT is intended for use on single hosts. Use MASQUERADE
> to do what you want, and simply reference the interface name of your
> external interface.

I'm not the one with the problem and I agree that using MASQUERADE is a good way to solve the problem. I have never offered any arguments on the subject of SNAT versus MASQUERADE, and I apologize for not suggesting the use of MASQUERADE originally.

Using MASQUERADE obviates the need for it, but for completeness, isn't it a good idea to answer the question as well? Then he can make up his own mind. The wisdom of the list comes from the diversity of the people on it.

Linus
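
The approach discussed in this thread (a rules script, MASQUERADE keyed to the external interface name, then "service iptables save"), written out as an added example that is not part of the original messages. The interface names, the subnet, the DRY_RUN switch and all function names are assumptions; the sample saved ruleset is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. All names and values below are assumed.
EXT_IF="${EXT_IF:-eth0}"              # external interface, address assigned at boot
INT_IF="${INT_IF:-eth1}"              # internal interface
INT_NET="${INT_NET:-192.168.1.0/24}"  # internal subnet (constructed value)
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands, 0 = apply them (needs root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Rebuild forwarding and NAT rules; no rule names the external IP address.
build_rules() {
    run iptables -P FORWARD DROP      # set the default policy before flushing
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$INT_NET" -o "$EXT_IF" -j MASQUERADE
}

# Persist the rules so the initscript re-applies them at boot.
save_rules() {
    run service iptables save
}

# Read iptables-save output on stdin and print SNAT rules pinned to a fixed
# address. Returns 1 if any are found, 0 otherwise.
find_pinned_snat() {
    pinned=$(grep -e '-j SNAT' | grep -e '--to-source' || true)
    if [ -z "$pinned" ]; then return 0; fi
    printf '%s\n' "$pinned"
    return 1
}

# Constructed sample: a saved ruleset whose SNAT rule embeds an address.
sample_saved_rules() {
    cat <<'EOF'
*nat
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
EOF
}

# "sh script.sh apply" builds and saves; with DRY_RUN=1 it only prints.
if [ "${1:-}" = "apply" ]; then build_rules && save_rules; fi
```

Run it with `apply` and the default DRY_RUN=1 to review the commands, then with DRY_RUN=0 as root to apply and save them.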