[ale] Iptables packet mangling

Bob Kruger krugerb at benning.army.mil
Fri Jun 29 18:13:19 EDT 2001


I am looking for a good example to do some outgoing packet mangling for
a small class C subnet that is routed through a Linux box prior to being
sent to the Internet.  Previously with ipchains I did this via
masquerading.  The "man iptables" recommends using SNAT if the outgoing
IP address is stable (which, in my case, it is).

Example:

Six systems, on class C Subnet, 192.168.1.0/24
Linux bridge/route, eth0 on 192.168.1.1
Same Linux bridge, eth1 on 172.16.81.10.

Traffic for the small subnet will go out through eth1 on the Linux box.

I would like all outgoing packets to have a source address of
172.16.81.10 (e.g., a little masquerading) after leaving the Linux box.

Packet forwarding is working fine, as is everything else.  I just am not
coming up with a good solution on packet mangling.  Anyone have a good
solution they are willing to share?  IPTables seems robust and fast,
albeit good documentation and examples are a little sparse at the
present.

Thanks in advance for any assistance.

Regards - Bob Kruger
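
The setup described above, as an added example that is not part of the original post: a shell function that emits an iptables-restore ruleset which rewrites the source of traffic leaving eth1 to 172.16.81.10 with SNAT and forwards only reply traffic back to the subnet. The function names and the default-drop FORWARD policy are assumptions of this example; the addresses and interfaces are the ones given in the post.

```shell
#!/bin/sh
# Added example: names are hypothetical, addresses/interfaces are from the post.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print a ruleset that SNATs LAN traffic leaving $wan_if to $snat_ip and lets
# only replies to LAN-initiated connections back in. The /prefix length of
# $lan_net is not checked here. "-m state" is the 2001-era match; current
# iptables also spells it "-m conntrack --ctstate".
gen_snat_rules() {
    lan_net=$1 lan_if=$2 wan_if=$3 snat_ip=$4
    valid_ipv4 "${lan_net%/*}" || { echo "bad LAN network: $lan_net" >&2; return 1; }
    valid_ipv4 "$snat_ip"      || { echo "bad SNAT address: $snat_ip" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j SNAT --to-source $snat_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Topology from the post: LAN 192.168.1.0/24 on eth0, outside 172.16.81.10 on eth1.
gen_snat_rules 192.168.1.0/24 eth0 eth1 172.16.81.10
```

Pipe the output to `iptables-restore --test` as root to validate it before loading; loading it for real replaces the existing nat and filter tables unless `--noflush` is given.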