From: Billy Hager (whager_at_bellsouth.net)
Date: Tue 21 May 2002 - 23:43:19 BST
What I have done since my last message ....
My connection to the internet is on a dynamic IP address, so when I set up
NAT, I set the target to MASQUERADE, like every good boy should. ;) It
seems, though, that NAT doesn't change the source address of packets comming
from my vserver when the connection origionates from the vserver.
i.e My vserver is on eth:1 192.168.2.223 and my connection to the internet is
on ppp0. Any packet the vserver sent to the internet still had 192.168.2.223
as the source address when the connection originated from the vserver.
That's what happens when MASQUERADE is the target.
when I use "SNAT --to <ipaddr ppp0 is currently bound to>", NAT handles
packets comming from connections initiated on the vserver properly. It
changes the source address to reflect the address I give to it as a command
line option
For exactness, here is what I was using ....
iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE
And what works ...
iptables -t nat -A POSTROUTING -o ppp+ -j SNAT --to <IP address of ppp0>
My start up scripts are going to be a little longer now, but I've got
something that works. Does anyone know why SNAT works but not MASQUERADE?
-- Billy Hager | AIM: wwhager2 whager_at_bellsouth.net | http://www.billsbox.net