I have a question about iptables, SNAT (MASQUERADE), and the rules. I am
using an example set of rules below. If I want to block traffic to and
from CLASS_D addresses for the firewall and the LAN, are the rules below
correct? In other words, will they do the job?
In regards to the FORWARD rules, since I am using NAT by masquerade,
they are useless. Will my packets go through the FORWARD chain at all?
Will they go through the NAT table directly skipping the FORWARD chain?
If so, then I should move all rules to restrict/allow traffic to the NAT
table OUTPUT rule, correct?
Stephen
# Setup (DSL)
# Internet <--> NAT <---> LAN
#          ppp0     eth1
IPTABLES=/sbin/iptables
EXTERNAL_INTERFACE=ppp0
IPADDR=<IP address assigned by ISP>
CLASS_D_MULTICAST=224.0.0.0/4
#--------------------------------------------
# Multicast traffic
#--------------------------------------------
# Firewall host itself: inbound and outbound multicast on the DSL link
$IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -p udp -d $CLASS_D_MULTICAST \
    -j DROP
$IPTABLES -A OUTPUT -o $EXTERNAL_INTERFACE -p udp -s $IPADDR \
    -d $CLASS_D_MULTICAST -j DROP
# Routed (LAN <-> Internet) multicast
$IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -p udp -d $CLASS_D_MULTICAST \
    -j DROP
# note: FORWARD sees the pre-SNAT (LAN) source address of outbound packets
$IPTABLES -A FORWARD -o $EXTERNAL_INTERFACE -p udp -s $IPADDR \
    -d $CLASS_D_MULTICAST -j DROP
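Added example (not part of Stephen's post): a small Python model of the netfilter traversal order for a forwarded packet, showing that MASQUERADE in nat/POSTROUTING runs after filter/FORWARD, so a FORWARD rule keyed on `-s $IPADDR` never sees a LAN-originated packet. The LAN prefix and ISP address are constructed placeholders.

```python
import ipaddress

# Traversal order for a FORWARDED packet (LAN host -> Internet through a
# masquerading router). Chain names are the real netfilter ones; matching
# covers only the fields the posted rules use.
FORWARD_PATH = ["nat:PREROUTING", "filter:FORWARD", "nat:POSTROUTING"]

CLASS_D_MULTICAST = ipaddress.ip_network("224.0.0.0/4")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN prefix
IPADDR = "203.0.113.7"                             # placeholder ISP address

def matches(rule, pkt):
    """True if every match criterion in `rule` fits the packet."""
    for key, want in rule.items():
        if key in ("chain", "target"):
            continue
        have = pkt[key]
        if isinstance(want, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
            if ipaddress.ip_address(have) not in want:
                return False
        elif have != want:
            return False
    return True

def traverse(rules, pkt):
    """Walk the forwarded path; return (verdict, final src, deciding chain)."""
    pkt = dict(pkt)
    for chain in FORWARD_PATH:
        for rule in rules:
            if rule["chain"] != chain or not matches(rule, pkt):
                continue
            if rule["target"] == "DROP":
                return "DROP", pkt["src"], chain
            if rule["target"] == "MASQUERADE":
                pkt["src"] = IPADDR  # SNAT happens here, after FORWARD
    return "ACCEPT", pkt["src"], None

MASQ = {"chain": "nat:POSTROUTING", "out": "ppp0", "target": "MASQUERADE"}
# FORWARD -o ppp0 -p udp -s $IPADDR -d $CLASS_D_MULTICAST -j DROP (as posted)
RULE_AS_POSTED = {"chain": "filter:FORWARD", "out": "ppp0", "proto": "udp",
                  "src": ipaddress.ip_network(IPADDR + "/32"),
                  "dst": CLASS_D_MULTICAST, "target": "DROP"}
# Same rule keyed on the LAN prefix, which is what FORWARD actually sees
RULE_LAN_SRC = {**RULE_AS_POSTED, "src": LAN_NET}

# Constructed packet: LAN host sending UDP to a multicast group via ppp0
LAN_MCAST_PKT = {"in": "eth1", "out": "ppp0", "proto": "udp",
                 "src": "192.168.1.20", "dst": "239.255.255.250"}
```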