I have a host with 2 NICs that is set up as a "firewall" AND default gateway.
On the inside there are a number of routers that route traffic to
other internal network segments.
As the host acts as default gateway, it has static routes defined that
direct traffic (to the other internal segments) to the internal routers:
route add -net other_internal_segment netmask 255.255.255.0 gw router_addr
I use masquerading in the FORWARD chain, and when traffic that is to be
redirected (the static links) to an internal router comes into
the FORWARD chain, it is masqueraded before it goes to the router.
If I allow all traffic in and out of the host by using this simple script:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
I can see the traffic coming into the FORWARD chain, but this time the
traffic is redirected using the gateway information and is not masqueraded.
How do I avoid masquerading the traffic to the internal routers when other
traffic has to have it?
-------------------------------------------------
Thanks in advance
Bo Jacobsen
e-mail: [EMAIL PROTECTED]
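The following script is an added example, not the script from the post above. It shows the usual way to keep forwarded internal-to-internal traffic unmasqueraded: MASQUERADE is a target of the nat table's POSTROUTING chain, and restricting the rule to the external interface (-o) means packets that the static routes send back out the internal NIC to another segment are never rewritten. The interface names eth0 (external) and eth1 (internal), the 10.0.0.0/8 internal range and the two segment/router pairs in ROUTES are assumptions for illustration; ip route is used in place of the older route add. Run with "show" to print the commands without touching the system, or "apply" as root.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Assumed layout: eth0 faces the Internet, eth1 faces the internal routers,
# all internal segments fall inside 10.0.0.0/8.
set -e

EXT_IF="${EXT_IF:-eth0}"            # assumed external NIC
INT_IF="${INT_IF:-eth1}"            # assumed internal NIC
INT_NET="${INT_NET:-10.0.0.0/8}"    # assumed aggregate of internal segments

# Constructed static routes: "segment_cidr router_address", one per line.
ROUTES="10.2.0.0/24 10.1.0.2
10.3.0.0/24 10.1.0.3"

# DRY_RUN=1 prints each command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

gen_rules() {
    run sysctl -w net.ipv4.ip_forward=1

    # Static routes toward the internal routers (same role as route add -net).
    printf '%s\n' "$ROUTES" | while read -r net gw; do
        if [ -n "$net" ]; then
            run ip route add "$net" via "$gw"
        fi
    done

    # Masquerading belongs in nat/POSTROUTING and is limited to the
    # external interface; traffic forwarded eth1 -> eth1 keeps its source.
    run iptables -t nat -F POSTROUTING
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE

    # Filter rules: default deny, then allow internal <-> internal,
    # internal -> Internet, and replies to established connections.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$INT_IF" -s "$INT_NET" -d "$INT_NET" -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -j ACCEPT
}

case "${1:-}" in
    show)  DRY_RUN=1 gen_rules ;;   # print only, no root needed
    apply) gen_rules ;;             # apply for real (root)
esac
```

Because the nat rule matches on the outgoing interface rather than on addresses, no exception list for the internal segments is needed: a packet whose route points back out eth1 simply never hits the MASQUERADE rule. If a segment were ever reachable through eth0, an additional "! -d 10.0.0.0/8" match on the same rule would be the safeguard.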