Old 18th September 2006, 09:21
Morons
GW via SNAT and NOT MASq

Hi,
I did find it. It is a mod, and this should only be done if you know your stuff. I do not like this; although clearly the intended method by the author, it is messy and non-elegant. I would have liked to see a setting in the bastille-firewall.cfg file asking to SNAT or MASq.

vi /sbin/bastille-netfilter, or edit /sbin/bastille-netfilter
Remark the lines around line 390-391:
# ${IPTABLES} -t nat -A POSTROUTING -s ${net} -o ${pub} -j MASQUERADE
# ${IPTABLES} -A FORWARD -s ${net} -o ${pub} -j ACCEPT
Around line 397, remove the # (uncomment it):
${IPTABLES} -t nat -A POSTROUTING -o ${DEFAULT_GW_IFACE} -j SNAT --to ${DEFAULT_GW_IP}

What is great is that DEFAULT_GW_IFACE is self-detected and comes from your interface set-up.

Last edited by Morons; 18th September 2006 at 09:30.
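A way to check the result of the edit described in the post once the firewall has been reloaded, as an added example that is not part of the original post or of Bastille: it parses iptables-save output and confirms the nat POSTROUTING chain carries an SNAT rule and no leftover MASQUERADE rule. The function names, sample dumps, interface name and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post or from Bastille).
# Reads iptables-save text on stdin and reports the NAT targets in POSTROUTING.
# Live use (as root): iptables-save -t nat | snat_only && echo "SNAT only"

# Prints one line per rule: "<TARGET> <out-iface> <source-addr>"
nat_postrouting_targets() {
    awk '
        /^\*/ { table = substr($0, 2) }          # table header: nat, filter, ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            target = ""; iface = "any"; addr = "-"
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") iface = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                # iptables-save writes --to-source; the post uses the short --to
                if ($i == "--to-source" || $i == "--to") addr = $(i + 1)
            }
            if (target == "SNAT" || target == "MASQUERADE")
                print target, iface, addr
        }'
}

# Exit status 0 only if an SNAT rule exists and no MASQUERADE rule remains.
snat_only() {
    out=$(nat_postrouting_targets)
    printf '%s\n' "$out" | grep -q '^SNAT ' || return 1
    printf '%s\n' "$out" | grep -q '^MASQUERADE ' && return 1
    return 0
}

# Constructed sample dumps: before the edit (MASQUERADE) and after it (SNAT).
SAMPLE_BEFORE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -s 192.168.1.0/24 -o eth0 -j ACCEPT
COMMIT'

SAMPLE_AFTER='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT'

printf '%s\n' "$SAMPLE_BEFORE" | nat_postrouting_targets
printf '%s\n' "$SAMPLE_AFTER"  | nat_postrouting_targets
```

A MASQUERADE line still showing up after the edit means the old rule was not remarked out or the firewall script has not been re-run.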