[Comm] Re: dial-in troubles... again!

Sergey V. Golovin svgol at samkon.ru
Fri Jan 10 08:54:49 MSK 2003


On 10 Jan Fri  1:30, Michael Shigorin wrote:
> On Sat, Jan 04, 2003 at 03:41:34PM +0400, Sergey V. Golovin wrote:
> > Next you need to configure NAT, for example like this
> > iptables -t nat -A POSTROUTING -j SNAT --to-source 10.10.4.90
> > -s <remote machine's address here>
> 
> First, remote to where?  The router's.  The external one.

For example, home -> network at work -> Internet
I.e. you need to get from the home (remote) machine to the Inter(intra)net

> Second, in this situation -j MASQUERADE is simpler.

It is not simpler
from man iptables:

 MASQUERADE
       This target is  only  valid  in  the  nat  table,  in  the
       POSTROUTING  chain. 
----------------------(sic!)----------------------------------------
       			  It  should only be used with dynami-
       cally assigned IP (dialup)  connections:  if  you  have  a
       static  IP  address, you should use the SNAT target. 
----------------------(/sic!)---------------------------------------
							 Mas-
       querading is equivalent to specifying a mapping to the  IP
       address of the interface the packet is going out, but also
       has the effect that connections  are  forgotten  when  the
       interface  goes  down.   This is the correct behavior when
       the next dialup is unlikely to  have  the  same  interface
       address  (and  hence  any established connections are lost
       anyway).

Then again, you can always do things the twisted way ;-)

> Third, there is always
> http://google.com/search?q=rusty+three+line+guide+masquerading
> :-)


-- 
Sergey V. Golovin
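
Added example, not part of the original message: a shell sketch that prints the POSTROUTING rule for one dial-in client and chooses SNAT or MASQUERADE by the criterion in the man page excerpt quoted above. The client address 192.168.100.2, the interface names eth0 and ppp0, and the `-o` scoping are assumptions made for the illustration; 10.10.4.90 is the address from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: print (never apply) a POSTROUTING NAT
# rule for one dial-in client, picking the target as the quoted man page says.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_rule CLIENT_ADDR OUT_IFACE [STATIC_ADDR]
#   STATIC_ADDR given   -> SNAT --to-source STATIC_ADDR (static external address)
#   STATIC_ADDR omitted -> MASQUERADE (dynamically assigned address, e.g. dialup)
# Arguments are validated because the output is meant to be pasted into a root shell.
nat_rule() {
    client=$1; iface=$2; static=${3:-}
    is_ipv4 "$client" || { echo "bad client address: $client" >&2; return 2; }
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $iface" >&2; return 2 ;;
    esac
    rule="iptables -t nat -A POSTROUTING -s $client -o $iface"
    if [ -n "$static" ]; then
        is_ipv4 "$static" || { echo "bad SNAT address: $static" >&2; return 2; }
        echo "$rule -j SNAT --to-source $static"
    else
        echo "$rule -j MASQUERADE"
    fi
}

# Constructed sample values: 192.168.100.2 (client), eth0 and ppp0 (interfaces)
# are hypothetical; 10.10.4.90 is the source address used in the thread.
nat_rule 192.168.100.2 eth0 10.10.4.90
nat_rule 192.168.100.2 ppp0
```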


