Hi, On Tue, 11 Sep 2007 21:38:26 +0200 Florian Philipp <[EMAIL PROTECTED]> wrote:
> Now the kernel can handle connection state matching :) > > I can apply your rules with one exception: > iptables -A POSTROUTING -o ppp0 -j MASQUERADE > > The same error message as before. But a different cause: My brain ;-) That should rather read $ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE (I forgot the "-t nat") There is, however, a kernel configuration needed for masquerading, too (CONFIG_IP_NF_TARGET_MASQUERADE on newer kernels, you can search for it -- or just "MASQUERADE" on older kernels -- using the "/" key in the kernel's menuconfig). So if iptables keeps complaining, check that too. BTW: I'm starting to really hate the HOWTO that much that I might even consider editing it. The HOWTO got this command wrong as well: It MASQUERADEs the connections going out to the LAN interface... For a proper durable setup, after performing all steps manually until you have iptables in the way, you should issue $ /etc/init.d/iptables save and have iptables fire up using rc-update, if not yet done. Also put the sysctl setting in /etc/sysctl.conf. Then routing/masquerading will be set up right on each boot. -hwh -- [EMAIL PROTECTED] mailing list