On 5 Sep 2001 21:06:32 -0700, [EMAIL PROTECTED] wrote:

>> On 5 Sep 2001 08:29:37 -0700, [EMAIL PROTECTED] wrote:
>> 
>> >I can ping outside and inside networks from the router, and I can ping the
>> >LAN side of the router from a local computer, but I can't ping outside from
>> >the local computer.
>> 
>> You need SNAT ("ip masquerading") like this:
>> 
>>     if [ -n "$EXTERNAL" ]; then
>>         for ext in $EXTERNAL; do
>>             ipnm_cache $ext
>>             $IPTABLES -t nat -A POSTROUTING -o $ext -j SNAT --to $IPOFIF
>>         done
>>     fi
>> 
>> $EXTERNAL is the set of external interfaces you have, "ipnm_cache" precomputes
>> the IP address and netmask for the respective external interface (the IP
>> address gets stored in $IPOFIF.)
>
>Ok, I've read conflicting information on this subject, and neither solution
>has worked correctly.  I can't use this solution because I don't seem to have
>ipnm_cache.  I tried to follow the NAT-HOWTO which says to use these commands:

Well, the above was an excerpt from my firewalling rules (scripts.) You can 
use it by simply inserting your data in the places where I have variables:

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 11.22.33.44

(if eth0 is your external interface and where 11.22.33.44 is your external 
IP.)

>#> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The MASQUERADE target is for dynamic interfaces like ppp0. For static IPs you 
should use the above solution which I originally provided.

>at which point I get the message:
>
>iptables: No chain/target/match by that name

Hmmm, not sure why you receive this message. Any messages in syslog? Maybe 
you're simply missing the relevant modules?

Have a look at

    http://netfilter.kernelnotes.org/

There you should find a tutorial about netfilter and its use.

HTH,

Ralf


-- 
Selling original BMW wheels:                     L I N U X       .~.
http://adsl-bergs.rz.rwth-aachen.de/~rabe       The  Choice      /V\
                                                 of a  GNU      /( )\
                                                Generation      ^^-^^
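
As an added example (not part of the original message or of Ralf's firewall scripts), the shell functions below pick SNAT or MASQUERADE as described above and check the two usual prerequisites: that the target is registered with the kernel and that IPv4 forwarding is on. The function names are hypothetical, and the /proc/net/ip_tables_targets path assumes a legacy iptables kernel.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing here changes the host: it prints
# the rule and reads kernel state only.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# nat_rule IFACE [STATIC_IP]: print the outbound NAT rule for IFACE.
# Static address -> SNAT; no address given (dynamic link) -> MASQUERADE.
nat_rule() {
    iface=$1 addr=$2
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 2 ;;
    esac
    if [ -z "$addr" ]; then
        echo "iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE"
    elif valid_ipv4 "$addr"; then
        echo "iptables -t nat -A POSTROUTING -o $iface -j SNAT --to-source $addr"
    else
        echo "bad address: $addr" >&2; return 2
    fi
}

# target_available NAME [FILE]: is the target registered with the kernel?
# Assumes the legacy iptables list in /proc/net/ip_tables_targets (root only).
target_available() {
    grep -qx "$1" "${2:-/proc/net/ip_tables_targets}" 2>/dev/null
}

# forwarding_enabled [FILE]: true when the router forwards IPv4 packets.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

nat_rule eth0 11.22.33.44   # static external IP, values from the thread
nat_rule ppp0               # dynamic interface
```

If target_available fails for the target you are using, "No chain/target/match by that name" is the expected result until the matching netfilter module is loaded.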

