Help

Classical IP Masquerading

To allow the clients of your internal network to access the Internet, you need to masquerade this network with respect to the Internet, because it uses private addresses that are not valid on the Internet.

ID: The unique ID number identifying this classical IP masquerading rule.
Masqueraded Network: The subnet that you want to have masqueraded through the interface below. This may be expressed as a single IP address, a subnet or an interface name. The subnet may optionally be followed by "!" and a comma-separated list of addresses and/or subnets that are to be excluded from masquerading.
Through Interface: The interface that will masquerade the subnet; this is normally your Internet interface.
Optional Network/Host: You can optionally specialize the rule by adding a subnet or host IP. When this qualification is added, only packets addressed to that host or subnet will be masqueraded.
Source Address (SNAT) optional: The source address to be used for outgoing packets. This column is optional and if left blank, the current primary IP address of the interface is used.

Example 1: You have a number of IPSEC tunnels through ipsec0 and you want to masquerade traffic from your 192.168.9.0/24 subnet to the remote subnet 10.1.0.0/16 only.

Masqueraded Network: 192.168.9.0/24
Through Interface: ipsec0
Optional Network/Host: 10.1.0.0/16
Source Address (SNAT):

Example 2: You have a DSL line connected on eth0 and a local network (192.168.10.0/24) connected to eth1. You want all local->net connections to use source address 206.124.146.176. Furthermore, you wish to exclude 192.168.10.44 and 192.168.10.45 from the SNAT rule.

Masqueraded Network: 192.168.10.0/24!192.168.10.44,192.168.10.45
Through Interface: eth0
Optional Network/Host:
Source Address (SNAT): 206.124.146.176
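To check what a rule will translate before saving it, the following added example (not part of this product and not its actual output) validates the fields and renders an equivalent set of iptables NAT commands. It assumes a netfilter/iptables backend, uses a hypothetical chain name masq<ID>, and accepts only an IP address or subnet, not an interface name, in the Masqueraded Network field.

```python
import ipaddress
import re

def parse_masqueraded(field):
    """Split 'net!excl1,excl2' into (network, [exclusions]) and validate both."""
    net_part, _, excl_part = field.partition("!")
    network = ipaddress.ip_network(net_part.strip(), strict=True)
    exclusions = []
    for item in filter(None, (e.strip() for e in excl_part.split(","))):
        excl = ipaddress.ip_network(item, strict=True)
        if not excl.subnet_of(network):
            raise ValueError(f"exclusion {excl} is outside {network}")
        exclusions.append(excl)
    return network, exclusions

def to_iptables(rule_id, masqueraded, interface, dest="", snat=""):
    """Render one rule as iptables commands (assumed translation)."""
    if not re.fullmatch(r"[A-Za-z0-9_.:-]{1,15}", interface):
        raise ValueError(f"bad interface name: {interface!r}")
    network, exclusions = parse_masqueraded(masqueraded)
    chain = f"masq{int(rule_id)}"  # hypothetical chain name built from the rule ID
    jump = f"iptables -t nat -A POSTROUTING -s {network} -o {interface}"
    if dest:
        jump += f" -d {ipaddress.ip_network(dest, strict=True)}"
    rules = [f"iptables -t nat -N {chain}", f"{jump} -j {chain}"]
    # Excluded hosts leave the chain untranslated, before the NAT target is reached.
    rules += [f"iptables -t nat -A {chain} -s {e} -j RETURN" for e in exclusions]
    # Blank SNAT column: MASQUERADE uses the interface's current primary address.
    target = f"SNAT --to-source {ipaddress.ip_address(snat)}" if snat else "MASQUERADE"
    rules.append(f"iptables -t nat -A {chain} -j {target}")
    return rules

if __name__ == "__main__":
    # Example 2 from this page
    for cmd in to_iptables(2, "192.168.10.0/24!192.168.10.44,192.168.10.45",
                           "eth0", snat="206.124.146.176"):
        print(cmd)
```

An exclusion that lies outside the masqueraded subnet, or a subnet written with host bits set (for instance 192.168.10.5/24), is rejected with a ValueError instead of producing a rule that silently matches nothing.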