linux
csergey, 2014-08-05 13:48:56

What is the principle of the POSTROUTE chain?

In order to forward ports on the Internet, they write that it is enough to enter 2 rules:
iptables -t nat -I PREROUTING --dst 95.17.248.226 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.8.0.2:80
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 95.17.248.226
As an example. The fact that PREROUTING forwards packets is understandable, but what is the meaning of the POSTROUTING chain?


2 answer(s)
Igor, 2014-08-05
@merryjane

Postrouting is mainly used for masquerading. That is, when you have a gateway and a "gray" network behind it. In this case, in order for machines from the "gray" network to be able to access the Internet, masquerade is required on the gateway, which will replace the "gray" source IP in the packet with the white address of the gateway or the one hard-coded with -j SNAT --to-source.
In the case of your rule, everything that leaves eth0 of the gateway will have the source IP 95.17.248.226 in the packet. That is, 10.8.0.2 is replaced by 95.17.248.226 if the request leaves 95.17.248.226. And the packet leaves with the "white" IP of the gateway.

Valentine, 2014-08-05
@vvpoloskin

So that packets go to the server with the router address (95.17.248.226), and not from 10.8.0.2. Is it logical?
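
A toy model of the two rules from the question, added here as an illustration and not code from the thread: it shows which addresses each chain rewrites on the first packet of a connection and how connection tracking restores them on the reply. The interface name tun0 for the 10.8.0.0/24 side, the sample client and server addresses, and keeping the source port unchanged are assumptions.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "95.17.248.226"  # gateway's public address, from the page's rules
INTERNAL_IP = "10.8.0.2"     # DNAT target, from the page's rules

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def route(dst):
    # Assumption: 10.8.0.0/24 is reached via "tun0"; everything else leaves via eth0.
    return "tun0" if dst.startswith("10.8.0.") else "eth0"

class Gateway:
    def __init__(self):
        self.conntrack = {}  # expected reply packet -> that reply after translation

    def forward(self, pkt):
        # Only the first packet of a connection walks the nat rules;
        # replies are translated from the conntrack entry instead.
        if pkt in self.conntrack:
            return self.conntrack[pkt]
        orig = pkt
        # nat PREROUTING runs before the routing decision: DNAT changes the destination.
        if pkt.dst == PUBLIC_IP and pkt.dport == 80:
            pkt = replace(pkt, dst=INTERNAL_IP, dport=80)
        # nat POSTROUTING runs after routing: SNAT changes the source on eth0.
        if route(pkt.dst) == "eth0":
            pkt = replace(pkt, src=PUBLIC_IP)
        # A reply to the translated packet maps back to a reply to the original.
        reply_seen = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.conntrack[reply_seen] = Packet(orig.dst, orig.dport, orig.src, orig.sport)
        return pkt

if __name__ == "__main__":
    gw = Gateway()
    # Constructed sample traffic: an Internet client hits port 80, then 10.8.0.2 goes out.
    print(gw.forward(Packet("203.0.113.7", 40000, PUBLIC_IP, 80)))
    print(gw.forward(Packet(INTERNAL_IP, 80, "203.0.113.7", 40000)))
    print(gw.forward(Packet(INTERNAL_IP, 50000, "198.51.100.9", 443)))
    print(gw.forward(Packet("198.51.100.9", 443, PUBLIC_IP, 50000)))
```

In this model the forwarded port-80 connection leaves via tun0, so the SNAT rule only fires for connections that 10.8.0.2 itself opens toward the Internet.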
