Re: Masquerading

Glynn Clements
Fri, 31 Dec 1999 03:56:18 +0100 (GMT--1:00)

Grischa Schuering wrote:

> I was posting quite a lot of articles about this matter in newsgroups, now
> I know why the things I am trying might not be working. Can you give me the
> last hint?
> I set up a private network on a linux box by masquerading
> (SuSE 6.2) on eth1. eth0 is connected to a registered network which is
> connected to the internet by a cisco router. I also use a portmaster router
> to dial in from home (on the registered network).
> Now I want to reach the computers behind the linux box from the portmaster,
> which has a static route to the private ips.
> When masquerading is turned on, it is not working, when I turn it off, it
> does. I believe it behaves this way, because all outgoing ips are
> masqueraded with the eth0 ip of the linux box.
> The start/stop script looks like this:
> ipchains -N user_msq
> ipchains -A user_msq -s 0/0 -d 0/0 -j MASQ
> ipchains -A forward -s -d 0/0 -i eth0 -j user_msq
> ipchains -D forward -s -d 0/0 -i eth0 -j user_msq
> ipchains -F user_msq
> ipchains -X user_msq
> What does the command have to look like to prevent masquerading for a
> specific destination IP range?

ipchains -F forward
ipchains -A forward -s -i eth0 -d x.x.x.x/x -j ACCEPT
ipchains -A forward -s -i eth0 -j MASQ
ipchains -A forward -j DENY -l

where x.x.x.x/x is the registered network.

Glynn Clements
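
The rule ordering in the reply above, modelled as an added Python example (not part of the original messages): a first-match walk of the forward chain shows which source address a packet carries on eth0 under the single catch-all MASQ rule and under the ACCEPT-before-MASQ ordering. The private range 192.168.1.0/24, the registered range 192.0.2.0/24 (standing in for x.x.x.x/x) and the gateway address 192.0.2.1 are constructed placeholders for the addresses missing from the page, and the source of every rule is assumed to be the private LAN.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed placeholders; the real addresses are elided on the page.
PRIVATE = "192.168.1.0/24"    # assumed private LAN behind eth1
REGISTERED = "192.0.2.0/24"   # stands in for x.x.x.x/x
GATEWAY_ETH0 = "192.0.2.1"    # assumed eth0 address of the Linux box


class Rule(NamedTuple):
    src: Optional[str]      # None matches any source
    dst: Optional[str]      # None matches any destination
    out_if: Optional[str]   # None matches any outgoing interface
    target: str


# The question's start script: everything leaving eth0 is masqueraded.
ORIGINAL = [Rule(PRIVATE, None, "eth0", "MASQ")]

# The reply's ordering: exemption first, then MASQ, then deny the rest.
SUGGESTED = [
    Rule(PRIVATE, REGISTERED, "eth0", "ACCEPT"),
    Rule(PRIVATE, None, "eth0", "MASQ"),
    Rule(None, None, None, "DENY"),
]


def _in(addr, net):
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def verdict(chain, src, dst, out_if, policy="ACCEPT"):
    """Target of the first matching rule, else the chain policy."""
    for r in chain:
        if _in(src, r.src) and _in(dst, r.dst) and r.out_if in (None, out_if):
            return r.target
    return policy


def wire_source(chain, src, dst, out_if, gw_ip=GATEWAY_ETH0):
    """Source address seen on the wire, or None if the packet is dropped."""
    return {"ACCEPT": src, "MASQ": gw_ip}.get(verdict(chain, src, dst, out_if))


if __name__ == "__main__":
    for name, chain in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        for dst in ("192.0.2.50", "198.51.100.7"):
            print(name, dst, wire_source(chain, "192.168.1.10", dst, "eth0"))
```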
