What is the principle of the POSTROUTE chain?
In order to forward ports on the Internet, they write that it is enough to enter 2 rules:
iptables -t nat -I PREROUTING --dst 95.17.248.226 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.8.0.2:80
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 95.17.248.226
As an example. The fact that PREROUTING forwards packets is understandable, but what is the meaning of the POSTROUTING chain?
Postrouting is mainly used for masquerading. That is, when you have a gateway and a "gray" network behind it. In this case, in order for machines from the "gray" network to be able to access the Internet, masquerading is required on the gateway, which will replace the "gray" source IP in the packet with the white address of the gateway or the hard-coded -j SNAT --to-source.
In the case of your rule, everything that leaves eth0 of the gateway will have the source IP 95.17.248.226 in the packet. That is, 10.8.0.2 is replaced by 95.17.248.226 if the request leaves 95.17.248.226. And the packet leaves with the "white" IP of the gateway.
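A toy model of the gateway, added here as an illustration and not part of the original answer: it traces where the two rules from the question act and shows that reply packets are translated back from the connection-tracking entry rather than by the nat rules. The tun0 interface, the routing split and the client addresses are assumptions; the two rule addresses come from the question.

```python
# Toy model of the nat hooks for the two rules in the question (not real iptables).
from dataclasses import dataclass, replace

GW_PUBLIC = "95.17.248.226"   # --dst / --to-source in the question's rules
INTERNAL = "10.8.0.2"         # --to-destination in the question's rules

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

conntrack = {}  # reply-direction tuple -> tuple to restore on the reply

def route(dst):
    # Assumed topology: 10.8.0.0/24 is behind tun0, everything else behind eth0.
    return "tun0" if dst.startswith("10.8.0.") else "eth0"

def gateway(pkt):
    """Return (out_interface, packet) after the gateway has handled pkt."""
    key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    if key in conntrack:
        # Known connection: nat rules are not consulted, the mapping is reversed.
        out = Packet(*conntrack[key])
        return route(out.dst), out
    out = pkt
    # PREROUTING runs before the routing decision, so DNAT changes the route.
    if pkt.dst == GW_PUBLIC and pkt.dport == 80:
        out = replace(out, dst=INTERNAL, dport=80)
    iface = route(out.dst)
    # POSTROUTING runs after routing, so the rule can match "-o eth0".
    # Simplification: real SNAT may also remap the source port on a collision.
    if iface == "eth0":
        out = replace(out, src=GW_PUBLIC)
    # Store how to undo both translations for the reply direction.
    conntrack[(out.dst, out.dport, out.src, out.sport)] = (
        pkt.dst, pkt.dport, pkt.src, pkt.sport)
    return iface, out

if __name__ == "__main__":
    # Constructed sample traffic (documentation address ranges).
    flows = [Packet("203.0.113.5", 40000, GW_PUBLIC, 80),   # inbound to port 80
             Packet(INTERNAL, 80, "203.0.113.5", 40000),    # server's reply
             Packet(INTERNAL, 51000, "198.51.100.7", 443),  # new outbound flow
             Packet("198.51.100.7", 443, GW_PUBLIC, 51000)] # its reply
    for p in flows:
        print(p, "->", gateway(p))
```

In this model the SNAT rule only fires for connections that 10.8.0.2 itself opens towards eth0; the forwarded port-80 connection gets its public source address on the reply from the DNAT entry.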