Dear Animesh,
I tried your rules, but they didn't work. I am using squid as my proxy server, and I use a dial-up modem to connect to the internet. I have given this set of iptables rules, please check them.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A FORWARD -s 10.1.0.0/16 -p tcp -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -s 0/0 --dport 21 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -d 0/0 --dport 20 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 25 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 22 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 23 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 110 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE
Thanks,
Rajendra
Animesh Singh wrote:
--- "Dileep M. Kumar" dileep@gmx.net wrote:
On Tue, Jun 15, 2004 at 09:52:07PM -0700, Animesh Singh wrote:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Instead of MASQUERADE use SNAT. IAC, MASQUERADE is meant for non-static IPs like dialup, DHCP etc.
<snip> MASQUERADE is intended for use with dynamic addresses. The other thing that it does differently is that if the link goes down, entries in the nat table will be dropped with MASQUERADE. If you're using SNAT, the entries stay in the table in case the link comes back up momentarily. This makes sense for MASQUERADE, because when the link comes back up, the address will (could) be different anyway, so the connections won't ever be resumed.
SNAT uses more overhead, since it seeks the external IP every time a chain is traversed.
Regards, Animesh.
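An added example, not part of the original messages: a small Python check that parses the rule set posted at the top of this message and reports nat-table rules that are not tied to an interface. The SCOPED rule set and the interface name eth1 are assumptions made for comparison.

```python
import shlex

# The ten rules from the message, copied unchanged.
POSTED = """\
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A FORWARD -s 10.1.0.0/16 -p tcp -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -s 0/0 --dport 21 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -d 0/0 --dport 20 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 25 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 22 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 23 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 110 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE
"""

# Constructed comparison set; eth1 as the LAN-side interface is an assumption.
SCOPED = """\
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -o ppp0 -j MASQUERADE
"""

OPTS = {"-t": "table", "-A": "chain", "-s": "src", "-i": "in", "-o": "out", "-j": "target"}
ANY = (None, "0/0", "0.0.0.0/0")  # absent or match-everything source

def parse(line):
    """Return the options of one iptables command that the audit reads."""
    tok = shlex.split(line)
    rule = {"table": "filter"}  # iptables uses the filter table when -t is absent
    for i, t in enumerate(tok[:-1]):
        if t in OPTS:
            rule[OPTS[t]] = tok[i + 1]
    return rule

def audit(text):
    """Return (rule number, finding) pairs for nat rules with no interface scope."""
    findings = []
    rules = [parse(l) for l in text.splitlines() if "iptables" in l]
    for n, r in enumerate(rules, 1):
        if r["table"] != "nat":
            continue
        tgt, chain = r.get("target"), r.get("chain")
        if chain == "POSTROUTING" and tgt in ("MASQUERADE", "SNAT") and "out" not in r:
            findings.append((n, "no -o: source NAT applies on every outgoing interface"))
        if chain == "PREROUTING" and tgt == "REDIRECT" and "in" not in r and r.get("src") in ANY:
            findings.append((n, "no -i/-s: REDIRECT matches packets arriving on any interface"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(POSTED):
        print(f"rule {n}: {msg}")
```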