On Sat, 12 Oct 2002 20:31:35 +0200 (CEST), Jean Francois Ortolo wrote:
> I presume my script should contain these few instructions:
>
> --- Beginning of the script
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> iptables -A FORWARD -i eth1 -j ACCEPT
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> route add -net 192.168.1.0 netmask 255.255.255.0 \
>   gw ${IPADDR} dev eth1
> --- End of the script
The last line could be either a static route or a dynamic route
created on-the-fly by pppd. Not sure why you enter it manually.
> This is all I need to set up access from any address within the
> range 192.168.1.1 - 192.168.1.255 (internal computers connected to
> the switch), through the eth1 internal interface and the eth0
> external interface, whose address is ${IPADDR}.
>
> My question is:
>
> What happens, after an existing TCP connection has been established
> from the LAN to an outside server, when a need for a new connection
> from the outside by the same server to a specified port (for example
> auth, 113), on this same internal address, occurs?
>
> The problem is: I have only one external address, ${IPADDR}, and
> what makes the incoming packet be directed onto the right address
> inside the LAN? That is, the internal address from which the initial
> TCP connection was coming?
Roughly, IP Masquerading modifies the source port in outgoing
packets in a way that it is able to recognize the reply packets for
a connection and then revert the masquerading appropriately. There
is no extra iptables rule you need to enter.
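To make the source-port rewriting and reply matching concrete, here is a toy connection-tracking model written for this reply; it is not code from the thread or from netfilter. The public address, the outside server and the rewritten port range are constructed values, and the rule that an inbound packet with no tracked entry is simply not translated (so the server's fresh connection to port 113 reaches the gateway, not the LAN host) is the model's assumption.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.10"   # stands in for ${IPADDR}; constructed TEST-NET address
MASQ_PORT_START = 61000      # constructed range for rewritten source ports

Flow = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Masquerader:
    """Minimal NAPT table: one public address shared by a private LAN."""

    def __init__(self) -> None:
        self._next_port = MASQ_PORT_START
        self.outbound: Dict[Flow, int] = {}                    # LAN flow -> rewritten port
        self.inbound: Dict[Tuple[int, str, int], Flow] = {}    # (port, server, sport) -> LAN flow

    def egress(self, pkt: Packet) -> Packet:
        """LAN -> Internet: swap private source for PUBLIC_IP and a unique port."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(flow)
        if port is None:                       # first packet of the flow: allocate an entry
            port = self._next_port
            self._next_port += 1
            self.outbound[flow] = port
            self.inbound[(port, pkt.dst_ip, pkt.dst_port)] = flow
        return Packet(PUBLIC_IP, port, pkt.dst_ip, pkt.dst_port)

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> gateway: only a tracked reply is rewritten back to the LAN host.
        None means no entry exists, so the packet is for the gateway itself."""
        flow = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if flow is None:
            return None
        lan_ip, lan_port, _, _ = flow
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)


def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    nat = Masquerader()
    out = nat.egress(Packet("192.168.1.20", 40000, "198.51.100.5", 25))     # LAN opens SMTP
    reply = nat.ingress(Packet("198.51.100.5", 25, PUBLIC_IP, out.src_port))  # server replies
    ident = nat.ingress(Packet("198.51.100.5", 50001, PUBLIC_IP, 113))       # new inbound 113
    return out, reply, ident
```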