21. You have a static external IP of 10.0.0.10 on your firewall. You want to masquerade all internal hosts on the network 192.168.0.0/24 behind this static IP. Your iptables rule is:

A. iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE
B. iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j SNAT --to-source 10.0.0.10
C. iptables -t nat -A FORWARD -s 192.168.0.0/24 -d 0/0 -j SNAT --to-source 10.0.0.10
D. iptables -t filter -A FORWARD -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

Explanation: The SNAT option, used in a POSTROUTING chain, specifies that the source address of the packet should be modified. The ‘SNAT --to-source 10.0.0.10’ option specifies that the source address of all outgoing packets will be changed to 10.0.0.10.

Reference: http://www.linuxguruz.org/iptables/howto/maniptables.html

Incorrect Answers
A: MASQUERADE should only be used with dynamically assigned IP (dialup) connections: if you have a static IP address, you should use the SNAT option.
C: SNAT can only be used in a POSTROUTING chain.
D: MASQUERADE can only be used in a POSTROUTING chain.
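
The rules in the explanation and the incorrect-answer notes can be applied mechanically. The following is an added example, not part of the original question: a small shell lint that checks a source-NAT rule against those rules. The function name check_nat_rule and its verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint a source-NAT rule against
# the constraints this page states. Names and verdict strings are hypothetical.
#
# check_nat_rule STATIC_IP RULE
#   STATIC_IP  external address, or "" when the address is dynamically assigned
#   RULE       one iptables command line, passed as a single string
# Prints: ok | not-source-nat | wrong-chain | use-snat | bad-to-source
check_nat_rule() (
    static_ip=$1
    table=filter chain='' target='' to_source=''  # iptables defaults to -t filter
    set -f            # no globbing while the rule is split into words
    set -- $2
    while [ $# -gt 0 ]; do
        case $1 in
            -t)          table=${2-} ;;
            -A|-I)       chain=${2-} ;;
            -j)          target=${2-} ;;
            --to-source) to_source=${2-} ;;
        esac
        shift
    done
    if [ "$target" != SNAT ] && [ "$target" != MASQUERADE ]; then
        echo not-source-nat
    elif [ "$table" != nat ] || [ "$chain" != POSTROUTING ]; then
        echo wrong-chain      # page: both targets belong in POSTROUTING
    elif [ "$target" = MASQUERADE ] && [ -n "$static_ip" ]; then
        echo use-snat         # page: a static address calls for SNAT
    elif [ "$target" = SNAT ] && [ "$to_source" != "$static_ip" ]; then
        echo bad-to-source    # SNAT should rewrite to the firewall's own address
    else
        echo ok
    fi
)

# The four answer options, checked against the question's static IP.
lint_options() {
    for rule in \
        "iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE" \
        "iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j SNAT --to-source 10.0.0.10" \
        "iptables -t nat -A FORWARD -s 192.168.0.0/24 -d 0/0 -j SNAT --to-source 10.0.0.10" \
        "iptables -t filter -A FORWARD -s 192.168.0.0/24 -d 0/0 -j MASQUERADE"
    do
        printf '%s  <- %s\n' "$(check_nat_rule 10.0.0.10 "$rule")" "$rule"
    done
}
lint_options
```

Passing an empty STATIC_IP models the dynamically assigned case, where the MASQUERADE rule in POSTROUTING is accepted.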
