[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Network problems
- From: Timothy Murphy <gayleard@xxxxxxxxxx>
- Date: Fri, 11 May 2012 16:25:12 +0100
- Delivered-to: users@xxxxxxxxxxxxxxxxxxxxxxx
- Organization: Trinity College
- Reply-to: gayleard@xxxxxxxxxx, Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
- User-agent: KNode/4.8.2
Olav Vitters wrote:
> On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
>> I couldn't find a clear account of the effect of the line
>> anywhere in the shorewall documentation.
>
> Add it, apply the changes and run the following as root:
> iptables -t nat -L -n
>
> That'll tell you what it does.
I did do that:
----------------------------------
[tim@grover two-interfaces]$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
dnat all -- 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
eth0_masq all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain dnat (1 references)
target prot opt source destination
net_dnat all -- 0.0.0.0/0 0.0.0.0/0
Chain eth0_masq (1 references)
target prot opt source destination
MASQUERADE all -- 192.168.2.0/24 0.0.0.0/0
----------------------------------
I don't find this very clear.
I take it that it supports what I said, namely
==================================
-------------------------------
I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server.
-------------------------------
My question is: what exactly is the effect of this?
Does IP masquerading by default only apply
to the firewall server to modem interface (eth0 in my case)?
And does the above line mean that it will also be applied
to packets reaching the firewall server on the eth1 LAN?
==================================
If I was right, wouldn't it have been simpler just to say,
"Yes, you are right"?
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Older Fedora Users]
[Fedora Announce]
[Fedora Package Announce]
[EPEL Announce]
[Fedora News]
[Fedora Cloud]
[Fedora Advisory Board]
[Fedora Education]
[Fedora Security]
[Fedora Scitech]
[Fedora Robotics]
[Fedora Maintainers]
[Fedora Infrastructure]
[Fedora Websites]
[Anaconda Devel]
[Fedora Devel Java]
[Fedora Legacy]
[Fedora Desktop]
[Fedora Fonts]
[ATA RAID]
[Fedora Marketing]
[Fedora Management Tools]
[Fedora Mentors]
[SSH]
[Find Someone Special]
[Fedora Package Review]
[Fedora R Devel]
[Fedora PHP Devel]
[Kickstart]
[Fedora Music]
[Fedora Packaging]
[Centos]
[Fedora SELinux]
[Fedora Legal]
[Fedora Kernel]
[Fedora QA]
[Fedora Triage]
[Fedora OCaml]
[Coolkey]
[Virtualization Tools]
[ET Management Tools]
[Yum Users]
[Tux]
[Yosemite News]
[Yosemite Photos]
[Linux Apps]
[Maemo Users]
[Gnome Users]
[KDE Users]
[Fedora Tools]
[Fedora Art]
[Fedora Docs]
[Maemo Users]
[Asterisk PBX]
[Fedora Sparc]
[Fedora Universal Network Connector]
[Libvirt Users]
[Fedora ARM]
