Moti wrote:

> i have a file called internal_networks ->
> cat internal_networks >
> 192.168.0.0/24
> 192.168.1.0/24
> 192.168.2.0/24
> and so on
> and the script has a loop
> for net in $(cat internal_networks); do
>     # MASQUERADE is only valid in the POSTROUTING chain; -o names the outbound interface
>     iptables -t nat -A POSTROUTING -o eth0 -s "$net" -j MASQUERADE
> done
> will that be a good idea? or would you recommend putting the vars in the
> script and looping it (e.g. INTERNAL_NETS=`blah blah`)

If things are complicated, the external file may
be best. That gets the networks defined in one 
place, ensures they're consistent wherever they're 
used. For a simple network, I'd just define it in
the script.

There are also alternatives you don't mention:

for i in 1 2 3 4
do
        iptables -t nat ... -s 192.168.$i.0/24 -j ...
done

or just something like:

iptables -t nat ... -s 192.168.0.0/22 -j ...

to get all four in one rule.

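As an added example (not code from the thread), a POSIX sh script that reads the internal_networks file in the format Moti described, validates each entry before it becomes a rule, prints the iptables commands for review instead of running them, and checks whether one aggregate such as the /22 above really covers every listed network. The sample file contents, NETFILE and the function names are constructed for the example.

```shell
# Constructed sample in the thread's format: one CIDR per line, blanks and
# '#' comments tolerated. A real deployment would point NETFILE at the file.
NETFILE=$(mktemp)
printf '%s\n' '192.168.0.0/24' '192.168.1.0/24' '' '# lab segment' \
    '192.168.2.0/24' '192.168.3.0/24' > "$NETFILE"

# Accept only dotted-quad/prefix, so a stray line in the file cannot turn
# into a rule that matches nothing or far too much.
valid_cidr() {
    cidr=$1; oldifs=$IFS; IFS=./; set -- $cidr; IFS=$oldifs
    [ $# -eq 5 ] || return 1
    for f in "$1" "$2" "$3" "$4" "$5"; do
        case "$f" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$1" -le 255 ] && [ "$2" -le 255 ] && [ "$3" -le 255 ] \
        && [ "$4" -le 255 ] && [ "$5" -le 32 ]
}

# Print one cleaned CIDR per line; fail on the first malformed entry.
read_nets() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -n "$line" ] || continue
        valid_cidr "$line" || { echo "bad entry in $1: $line" >&2; return 1; }
        echo "$line"
    done < "$1"
}

# Emit the rules instead of running them, so they can be reviewed first.
# $1 = networks file, $2 = outbound interface.
gen_rules() {
    read_nets "$1" | while read -r net; do
        echo "iptables -t nat -A POSTROUTING -o $2 -s $net -j MASQUERADE"
    done
}

ip2int() { oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
           echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )); }

# True when every network in file $1 lies inside aggregate $2 (e.g. the
# single /22 suggested in the reply), so one rule really covers them all.
all_inside() {
    base=$(ip2int "${2%/*}"); bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    read_nets "$1" | while read -r net; do
        [ "${net#*/}" -ge "$bits" ] || exit 1
        [ $(( $(ip2int "${net%/*}") & mask )) -eq $(( base & mask )) ] || exit 1
    done
}

gen_rules "$NETFILE" eth0
```

Piping the printed rules into sh once they look right keeps the review step and the apply step separate.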