Where is the correct place to control what traffic is masq'ed out?
This is what I have, but I was told the Forward chain isn't the right place to do this?

iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 80,443 -j ACCEPT

So which table is the theoretically correct place to add all the ports/services I would want masq'ed out for internal clients?

Thanks!
jlc

On Friday 29 August 2008 17:26, Joseph L. Casale wrote:
> Where is the correct place to control what traffic is masq'ed out?
> This is what I have, but I was told the Forward chain isn't the right
> place to do this?
>
> iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
> iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 80,443 -j ACCEPT
>
> So which table is the theoretically correct place to add all the
> ports/services I would want masq'ed out for internal clients?

Postrouting is the correct one. After everything is routed it is MASQ before leaving the interface.

--
Regards
Robert

Smile... it increases your face value!
Linux User #296285 http://counter.li.org

On Sat, Aug 30, 2008 at 2:56 AM, Joseph L. Casale <JCasale at activenetwerx.com> wrote:
> Where is the correct place to control what traffic is masq'ed out?
> This is what I have, but I was told the Forward chain isn't the right place to do this?
>
> iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
> iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 80,443 -j ACCEPT
>
> So which table is the theoretically correct place to add all the ports/services
> I would want masq'ed out for internal clients?

Pls try below two

iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 80,443 -j ACCEPT

> Thanks!
> jlc

--
Thank you
Indunil Jayasooriya
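
An added example, not part of any message in this thread: a simplified Python model of how a forwarded packet meets the three rules quoted above, with the filter FORWARD chain evaluated before nat POSTROUTING. The interface names, the sample packets and the FORWARD chain policy are assumptions (the thread does not show the policy), and conntrack's handling of reply packets is not modeled.

```python
# Simplified model (added example) of a forwarded packet: filter/FORWARD is
# evaluated first, nat/POSTROUTING afterwards. Interface names are constructed.
from dataclasses import dataclass

WAN, LAN = "eth0", "eth1"  # assumed stand-ins for $WAN and $LAN


@dataclass
class Packet:
    in_if: str
    out_if: str
    proto: str
    dport: int
    state: str  # conntrack state: NEW, ESTABLISHED or RELATED


# The two FORWARD rules from the thread, in order: (predicate, target).
FORWARD_RULES = [
    (lambda p: p.in_if == WAN and p.out_if == LAN
        and p.state in ("RELATED", "ESTABLISHED"), "ACCEPT"),
    (lambda p: p.in_if == LAN and p.out_if == WAN and p.proto == "tcp"
        and p.dport in (80, 443)
        and p.state in ("NEW", "ESTABLISHED", "RELATED"), "ACCEPT"),
]


def forward_verdict(pkt, policy):
    """First matching rule wins; the chain policy decides everything else."""
    for match, target in FORWARD_RULES:
        if match(pkt):
            return target
    return policy


def traverse(pkt, policy="DROP"):
    """Return what happens to a forwarded packet under the given FORWARD policy."""
    if forward_verdict(pkt, policy) != "ACCEPT":
        return "dropped in FORWARD"  # never reaches POSTROUTING
    if pkt.out_if == WAN:  # -t nat -A POSTROUTING -o $WAN -j MASQUERADE
        return "forwarded, source masqueraded"
    return "forwarded, source unchanged"


if __name__ == "__main__":
    samples = {  # constructed sample packets
        "LAN client to tcp/443": Packet(LAN, WAN, "tcp", 443, "NEW"),
        "LAN client to tcp/25": Packet(LAN, WAN, "tcp", 25, "NEW"),
        "reply from WAN": Packet(WAN, LAN, "tcp", 51000, "ESTABLISHED"),
    }
    for policy in ("DROP", "ACCEPT"):
        for name, pkt in samples.items():
            print(f"policy {policy:6} {name:22} -> {traverse(pkt, policy)}")
```

On a live gateway, `iptables -L FORWARD -n -v` shows the chain policy in its first line.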