Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Dmitriy Loginov2019-01-11 14:38:48
linux
Dmitriy Loginov, 2019-01-11 14:38:48

Correct iptables rule?

One network card - enp1s0 looks to the Internet, the other enp3s0 to the local network 192.168.1.0/24
Which rule is better and more correct to use for NATa local network?
All three work for me.

  1. iptables -t nat -A POSTROUTING -o enp1s0 -j ​​MASQUERADE
  2. iptables -t nat -A POSTROUTING -o enp1s0 -j ​​SNAT --to-source IP_GATEWAY
  3. iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
P
pcdesign, 2019-01-11
@pcdesign 

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source IP_GATEWAY

One such rule is enough if IP_GATEWAY does not change.
masqueradeeach time it determines the external address for each new connection, naturally this affects the speed of the network, with a short-term loss of the link, it masqueraderesets all open connections, because assumes that the address has already changed. masquerademakes sense when IP_GATEWAY is dynamic.

Similar questions
N
Nikita Reshetnyak2019-10-07 07:26:25
Why can't you hear the interlocutor in the absence of a tunnel between offices? 2Reply
I
im_dimas2016-03-31 20:20:09
How to calm the mail server? 1Reply
A
Alexander Fedoruk2016-04-01 12:41:54
How to delete empty folders in a specific order in bash? 2Reply
K
karipnail2020-08-02 12:48:05
How to set up a 5.1 system for different devices? 1Reply
S
Sergei Iamskoi2016-04-01 17:40:37
How to properly start a process from PHP? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question