[Firehol-support] Masquerading happening on simple router?
Costa Tsaousis
costa at tsaousis.gr
Tue Oct 18 20:29:26 BST 2005
Carlos Rodrigues wrote:
>BTW, by inspecting "iptables -t nat --list", I see that having
>"masquerade reverse" defined in two router blocks with the same
>outface generates two exacly equal masquerade rules. Shouldn't FireHOL
>generate only one rule in these cases? (This is rather insignificant,
>but I'm curious).
>
>
>
Unfortunatelly the helpers (like masquerade) in FireHOL do not share any
information with the packet filtering rules.
The documentation of masquerade says:
---
Please note that if *masquerade* is used within some interface
<#interface> or router <#router>, it does not respect the optional rule
parameters given to this interface or router command. *Masquerade* uses
_only_ its own optional rule parameters <#parameters>.
---
In general, to avoid confusion one should only use helpers alone, at the
beginning of the configuration and before any interface or router blocks
Costa
More information about the Firehol-support
mailing list