On Wed, Jul 31, 2002 at 10:07:07PM -0400, C. Linus Hicks wrote:
: On Wed, 2002-07-31 at 16:33, Anthony E. Greene wrote:
: > This is why I generally recommend creating a shell script that creates all
: > firewall rules, then saves them using "service iptables save". You update
: > the script, run it, and the changes are made and saved. The next time you
: > reboot and/or restart iptables, the changes created by the custom shell
: > script are re-applied as part of the normal initscript process. 
: 
: That doesn't solve the problem when the act of booting may cause a new
: IP address to be assigned.

Anthony's correct - make sure you've got a script, so changes are easy 
to make.

More to the point, however, is that you've been told twice (this will be the
third time) how to get your problem solved.  Don't reference the 
external IP address in your NAT rule.  There's no reason to SNAT an
entire subnet - SNAT is intended for use on single hosts.  Use MASQUERADE
to do what you want, and simply reference the interface name of your
external interface.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.
                    My account, My opinions.



-- 
redhat-list mailing list
Unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
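
Added example, not part of the original messages: a firewall-script NAT section in the style recommended in this thread, showing the address-pinned SNAT rule beside the interface-based MASQUERADE rule. The interface name, LAN subnet, sample external address and the function names are constructed assumptions; with DRY_RUN=1 (the default) the commands are only printed.

```shell
#!/bin/sh
# Added example. EXT_IF, LAN_NET and 203.0.113.7 are constructed sample values.
EXT_IF="${EXT_IF:-eth0}"              # external (dynamically addressed) interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # internal subnet behind the gateway
IPTABLES="${IPTABLES:-iptables}"
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands, 0 = execute (needs root)

# Address-pinned form: the saved rule carries the external IP, so it goes
# stale as soon as a reboot or lease renewal assigns a different address.
snat_rule() {   # $1 = external IP at the time the script runs
    echo "-t nat -A POSTROUTING -s $LAN_NET -o $EXT_IF -j SNAT --to-source $1"
}

# Interface-based form: no external address appears in the rule; the kernel
# uses whatever address EXT_IF holds when each connection is set up.
masq_rule() {
    echo "-t nat -A POSTROUTING -s $LAN_NET -o $EXT_IF -j MASQUERADE"
}

# Succeeds if a rule embeds a literal translation address.
rule_depends_on_address() {
    case "$1" in
        *--to-source*|*--to-destination*) return 0 ;;
        *) return 1 ;;
    esac
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

apply_nat() {
    rule=$(masq_rule)
    if rule_depends_on_address "$rule"; then
        echo "refusing address-pinned NAT rule: $rule" >&2
        return 1
    fi
    run "$IPTABLES" -t nat -F POSTROUTING || return 1
    # Unquoted on purpose: the rule string is split into iptables arguments.
    run "$IPTABLES" $rule || return 1
    # Persist for the initscript, as described earlier in the thread.
    run service iptables save
}

apply_nat
```

Because the saved rule names only the interface, the output of "service iptables save" stays valid when the external address changes at boot.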
