[lug] help with iptables
Carl Wagner
carl.wagner at verbalworld.com
Tue Feb 22 16:00:55 MST 2011
Hi,
I have an application where I need to do SourceNAT, but don't want to
change the source IP for traffic originating on the local box.
This is the script I am using to try to allow the servers out to the
Internet:
======
#!/bin/bash
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
# Flush all the rules in filter and nat tables
iptables --flush
iptables --table nat --flush
# Delete all chains that are not in default filter and nat table
iptables --delete-chain
iptables --table nat --delete-chain
# Set up IP FORWARDing and Source-NAT
iptables --table nat --append POSTROUTING --out-interface eth0 -j SNAT \
    --to {a public IP behind a firewall}
iptables --append FORWARD --in-interface eth1 -j ACCEPT
# Enables packet forwarding by kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
=======
How would I exclude the local box's IPs/localhost from the SourceNAT?
Thanks,
Carl