Correct way to masquerade IP in iptables
You should rather use the second one since you have multiple NICs.
Only the packages that go out of the interface connected to the Internet have to be masqueraded.
-o means outgoing interface, so it's only a further reduction of the general first option.
For more information and getting started with iptables have a look at this tutorial
Vijay47
Updated on September 18, 2022
Comments
-
Vijay47 over 1 year
I have an Ubuntu 14.04 machine running with multiple NICs. One of them has external internet access. I would like to enable external network access for all the other LAN interfaces. What is the correct way of masquerading in iptables, assuming eth0 is the WAN interface? I have tried:
iptables -t nat -A POSTROUTING -j MASQUERADE
which is working fine, but most of the sites explain it with
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
What is the difference, and which is the correct way?
-
Vijay47 over 6 years: Thanks for the quick reply. The first one won't detect the main interface?
-
derHugo over 6 years: The first one tells iptables to masquerade any outgoing package, also on the internal NIC. This works ... but is not needed and might even slow down the network.
-
Vijay47 over 6 years: I will use the 2nd one.
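
A check for the broad rule discussed in this thread, as an added example that is not part of the original posts: it scans iptables-save output for nat-table MASQUERADE rules that have no -o restriction. The function names and the sample ruleset are constructed for illustration; eth0 as the WAN interface follows the question.

```shell
#!/bin/sh
# Added example: audit iptables-save output for MASQUERADE rules in the nat
# table that are not limited to an outgoing interface with -o.
# On a live host (as root): iptables-save -t nat | find_unscoped_masquerade

# Reads iptables-save text on stdin; prints each unscoped MASQUERADE rule.
find_unscoped_masquerade() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: "*nat", "*filter"
        table != "nat" { next }                 # only the nat table matters here
        $1 != "-A" { next }                     # skip chain policies and COMMIT
        {
            target = ""; scoped = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-j" && i < NF) target = $(i + 1)
                if ($i == "-o" || $i == "--out-interface") scoped = 1
            }
            # A MASQUERADE rule without -o rewrites traffic leaving ANY NIC,
            # including LAN-to-LAN traffic, hiding the real source address.
            if (target == "MASQUERADE" && !scoped) print
        }
    '
}

# Constructed sample in iptables-save format (not taken from a real host).
sample_ruleset() {
    cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Demo: prints only the rule that lacks an interface restriction.
sample_ruleset | find_unscoped_masquerade
```

Rules that negate the interface (`! -o`) are treated as scoped by this check and should be reviewed by hand.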