Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Dmitriy Loginov2019-01-11 14:38:48
linux
Dmitriy Loginov, 2019-01-11 14:38:48

Correct iptables rule?

One network card - enp1s0 looks to the Internet, the other enp3s0 to the local network 192.168.1.0/24
Which rule is better and more correct to use for NATa local network?
All three work for me.

  1. iptables -t nat -A POSTROUTING -o enp1s0 -j ​​MASQUERADE
  2. iptables -t nat -A POSTROUTING -o enp1s0 -j ​​SNAT --to-source IP_GATEWAY
  3. iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
P
pcdesign, 2019-01-11
@pcdesign 

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source IP_GATEWAY

One such rule is enough if IP_GATEWAY does not change.
masqueradeeach time it determines the external address for each new connection, naturally this affects the speed of the network, with a short-term loss of the link, it masqueraderesets all open connections, because assumes that the address has already changed. masquerademakes sense when IP_GATEWAY is dynamic.

Similar questions
E
eight_bit2019-10-21 11:41:25
Laptop freezes on reboot after installing additional SSD, how to diagnose? 1Reply
J
joha07382021-05-11 15:59:03
Is it possible to create an array from methods in Java? 3Reply
A
Alexander2017-06-23 20:13:44
Accepting cookies. Why is it returning an array? 2Reply
R
Ruslan2017-05-06 21:48:08
Partitions in Linux? 2Reply
A
Anatoly D2019-10-07 17:40:24
How to clone customized ubuntu? 11Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question