[ILUGC] Re: iptables - howto properly MASQUERADE
- From: Arun Khan <knura9@xxxxxxxxx>
- To: ILUG-Chennai <ilugc@xxxxxxxxxxxxx>
- Date: Sat, 12 Aug 2017 22:57:12 -0700
On Sat, Aug 12, 2017 at 6:58 PM, MohanR <mohan43u@xxxxxxxxx> wrote:
> Hi,
>
> tl;dr:
> I need to properly MASQUERADE all outgoing packets only from my bridge0
> interface

Why? (see below)

> brief:
> I have a bridge(bridge0) which I use to connect all my VMs and
> Containers.

OK.

> I also enabled forwarding using the below commands to
> enable my VMs and Container to connect to internet,

I don't think you need to if all your VMs and Containers are in the
same IP subnet as the "host" and the host has a path to the Internet.
If not then you need to describe your network topology in some detail.

> $ sudo sysctl net.ipv4.ip_forward=1
> $ sudo iptables -t nat -A POSTROUTING -j MASQUERADE

May not be required (see above).

Assuming your network topology mandates NAT, then I think you should
include the "interface" in the second line like:

$ sudo iptables -o br0 -t nat -A POSTROUTING -j MASQUERADE

I use a similar hack on my laptop to provide NAT gw over the WiFi
interface to route to WAN. My VMs are running on a different box and
connected to the laptop via Ethernet connection.

-- Arun Khan
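
The scoping question in this thread, as an added example that is not part of the original post and not code from either poster: a shell check that reads rules in iptables-save format and flags MASQUERADE rules carrying no out-interface or source match. The sample ruleset, the interface names wlan0 and bridge0, and the 192.0.2.0/24 prefix are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag nat-table MASQUERADE rules that are not scoped to an
# interface or a source. Input is text in `iptables-save -t nat` format.

# Constructed sample ruleset (not taken from any real host). 192.0.2.0/24 is
# a documentation prefix; wlan0 and bridge0 are assumed interface names.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o wlan0 -j MASQUERADE
-A POSTROUTING -s 192.0.2.0/24 ! -o bridge0 -j MASQUERADE
COMMIT
EOF
}

# Print one line per MASQUERADE rule: "UNSCOPED <rule>" or "SCOPED <rule>".
# A rule counts as scoped when it has an out-interface (-o) or source (-s) match.
audit_masquerade() {
    awk '
    $1 == "-A" {
        masq = 0; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            if ($i == "-o" || $i == "--out-interface") scoped = 1
            if ($i == "-s" || $i == "--source") scoped = 1
        }
        if (masq) {
            tag = scoped ? "SCOPED" : "UNSCOPED"
            print tag, $0
        }
    }'
}

# Exit status 0 when no unscoped MASQUERADE rule is present, 1 otherwise.
check_masquerade() {
    ! audit_masquerade | grep -q '^UNSCOPED '
}

# Run against the sample; on a real host, pipe `iptables-save -t nat` in instead.
sample_rules | audit_masquerade
```
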