Kitz ADSL Broadband Information
Topic: Keen to understand an iptables command

hushcoden

  • Reg Member
  • ***
  • Posts: 196
Keen to understand an iptables command
« on: August 02, 2019, 12:46:20 PM »

Hi all, is there any networking savvy willing to advise what the following command does?

Code:
iptables -t nat -I POSTROUTING -o $(nvram get wan0_ifname) -j MASQUERADE
Tia.

ejs

  • Kitizen
  • ****
  • Posts: 2001
Re: Keen to understand an iptables command
« Reply #1 on: August 02, 2019, 03:40:54 PM »

From what I gather after reading the iptables-extensions man page just now, essentially it's for modifying outgoing packets so that the source IP address is changed to be your external WAN IP address.

hushcoden

  • Reg Member
  • ***
  • Posts: 196
Re: Keen to understand an iptables command
« Reply #2 on: August 02, 2019, 06:09:10 PM »

Thanks ejs, the reason I'm asking is because I found a tutorial on how to access the modem GUI if you are behind a router (I have a Draytek in bridge mode and an Asus RT-AC66U_B1 as router) and I found the following two commands (the modem IP address is 192.168.1.1):

Code:
ifconfig $(nvram get wan0_ifname):0 192.168.1.2 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o $(nvram get wan0_ifname) -j MASQUERADE

Now, with just the first command I am able to access the GUI, therefore my question as I thought that if not using the second command I could have had some security issues... but by reading your answer, I understand I'm safe also not running that iptables command, am I right?
« Last Edit: August 02, 2019, 06:16:03 PM by hushcoden »

ejs

  • Kitizen
  • ****
  • Posts: 2001
Re: Keen to understand an iptables command
« Reply #3 on: August 02, 2019, 06:38:36 PM »

A link to the tutorial might be useful. Without more context, such as the IP addresses and state of things before either of the commands, I'm having difficulty inferring the purpose of the commands.

That iptables MASQUERADE rule looks like a standard rule that will be in every typical "router" doing NAT. So I can't see the purpose of adding a standard rule that would be already present, and can't work out what other function someone might be trying to do with it.
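
Added example, not part of the thread or of the tutorial it discusses: the point in Reply #3, that a NAT router normally already carries this MASQUERADE rule, can be checked before inserting another copy. The functions read rules in `iptables -t nat -S POSTROUTING` format on stdin; the function names, sample rules, addresses and interface names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Lists POSTROUTING rules that already
# masquerade traffic leaving a given interface, so a duplicate is not inserted.
# Input: rules in `iptables -t nat -S POSTROUTING` format on stdin.

masq_rules_for() {
    awk -v wan="$1" '
        # iptables interface match: a trailing "+" is a prefix wildcard.
        function ifmatch(pat, ifc,    p) {
            if (substr(pat, length(pat)) != "+") return (pat == ifc)
            p = substr(pat, 1, length(pat) - 1)
            return (substr(ifc, 1, length(p)) == p)
        }
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; neg = 0; masq = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o") { out = $(i + 1); neg = ($(i - 1) == "!") }
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (!masq) next
            hit = (out == "") ? 1 : ifmatch(out, wan)   # no -o: any interface
            if (neg) hit = !hit                          # "! -o X": all but X
            if (hit) print
        }'
}

# Succeeds when no existing rule covers the interface.
masq_rule_missing() {
    [ -z "$(masq_rules_for "$1")" ]
}

# Constructed sample of a NAT router POSTROUTING chain (addresses are
# documentation ranges, interface names are assumptions).
sample_rules() {
    cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING ! -s 203.0.113.7/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 -d 192.168.50.0/24 -o br0 -j MASQUERADE
-A POSTROUTING -o ppp+ -j MASQUERADE
EOF
}

sample_rules | masq_rules_for eth0
# On the router itself (assumes the iptables build supports -S):
#   iptables -t nat -S POSTROUTING | masq_rules_for "$(nvram get wan0_ifname)"
```

If the function prints a rule for the WAN interface, traffic leaving it is already being source-translated and the extra `-I POSTROUTING` insert only duplicates it.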

hushcoden

  • Reg Member
  • ***
  • Posts: 196

ejs

  • Kitizen
  • ****
  • Posts: 2001
Re: Keen to understand an iptables command
« Reply #5 on: August 02, 2019, 07:34:56 PM »

I do not understand the necessity to put the modem on a different subnet to the rest of the LAN, and then faff about making it so that the two different subnets can talk to each other. I wouldn't have thought that the WAN PPPoE connection from router to ISP has anything to do with the LAN IP address or subnet of the modem.

The very first line:
Quote
In this case the router itself creates the PPPoE connection to the ISP server; but to work, the connection between the modem and the router must have an IP address.
Why? What for? It's PPP over Ethernet, not PPP over IP.

The whole tutorial just seems like a solution to a problem you've needlessly created. It's also about 10 years old.

hushcoden

  • Reg Member
  • ***
  • Posts: 196
Re: Keen to understand an iptables command
« Reply #6 on: August 03, 2019, 10:28:23 AM »

Many thanks ejs, and glad to see I don't need to bother to input any iptables command...