Hans-Werner Hilse schrieb: > Hi, > > On Tue, 11 Sep 2007 21:38:26 +0200 > Florian Philipp <[EMAIL PROTECTED]> wrote: > >> Now the kernel can handle connection state matching :) >> >> I can apply your rules with one exception: >> iptables -A POSTROUTING -o ppp0 -j MASQUERADE >> >> The same error message as before. > > But a different cause: My brain ;-) That should rather read > $ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE > (I forgot the "-t nat") > > There is, however, a kernel configuration needed for masquerading, too > (CONFIG_IP_NF_TARGET_MASQUERADE on newer kernels, you can search for it > -- or just "MASQUERADE" on older kernels -- using the "/" key in the > kernel's menuconfig). So if iptables keeps complaining, check that too. > > BTW: I'm starting to really hate the HOWTO that much that I might even > consider editing it. The HOWTO got this command wrong as well: It > MASQUERADEs the connections going out to the LAN interface... > > For a proper durable setup, after performing all steps manually until > you have iptables in the way, you should issue > $ /etc/init.d/iptables save > and have iptables fire up using rc-update, if not yet done. Also put > the sysctl setting in /etc/sysctl.conf. Then routing/masquerading will > be set up right on each boot. > > -hwh >
Thank you for your patience, it's finally working! If you don't edit the wiki, I'll do it (sooner or later). Just tell me if you don't want to see your name when I give you credit for the settings. -- [EMAIL PROTECTED] mailing list
