[Comm] Re: dial-in troubles... again!
Sergey V. Golovin
=?iso-8859-1?q?svgol_=CE=C1_samkon=2Eru?=
Пт Янв 10 08:54:49 MSK 2003
On 10 Jan Fri 1:30, Michael Shigorin wrote:
> On Sat, Jan 04, 2003 at 03:41:34PM +0400, Sergey V. Golovin wrote:
> > А дальше надо настроить NAT, например, так
> > iptables -t nat -A POSTROUTING -j SNAT --to-source 10.10.4.90
> > -s <здесь адрес удал. машины>
>
> Во-первых, куда удаленной? Рутера. Внешний.
Например дом->сетка на работе->интернет
Т.е. нужно с домашней(удаленной) в интер(интра)нет
> Во-вторых, в данной ситуации проще -j MASQUERADE.
не проще
from man iptables:
MASQUERADE
This target is only valid in the nat table, in the
POSTROUTING chain.
----------------------(sic!)----------------------------------------
It should only be used with dynami-
cally assigned IP (dialup) connections: if you have a
static IP address, you should use the SNAT target.
----------------------(/sic!)---------------------------------------
Mas-
querading is equivalent to specifying a mapping to the IP
address of the interface the packet is going out, but also
has the effect that connections are forgotten when the
interface goes down. This is the correct behavior when
the next dialup is unlikely to have the same interface
address (and hence any established connections are lost
anyway).
Впрочем, всегда можно поизвращаться ;-)
> В-третьих, всегда есть
> http://google.com/search?q=rusty+three+line+guide+masquerading
> :-)
--
Sergey V. Golovin
Подробная информация о списке рассылки community