Why does NAT have no options?


This topic contains 1 reply, has 0 voices, and was last updated by  houkouonchi 8 years, 9 months ago.

  • #42564

    houkouonchi
    Member

    I was wondering why the NAT of zeroshell only lists interface and simply does a -j MASQUERADE for -o $DEV without any arguments. If you do not correctly have the subnet set for the source then not only do I feel that this is insecure but when you set up port forwarding/DNAT you will see the connection from the router’s IP instead of the actual external IP.

    IE: instead of:


    Chain POSTROUTING (policy ACCEPT 1359M packets, 73G bytes)
    pkts bytes target prot opt in out source destination
    62M 3906M MASQUERADE all -- * bond0 0.0.0.0/0 0.0.0.0/0

    I would think you would want something that looks like:


    Chain POSTROUTING (policy ACCEPT 1359M packets, 73G bytes)
    pkts bytes target prot opt in out source destination
    62M 3906M MASQUERADE all -- * bond0 192.168.168.0/24 0.0.0.0/0

    #50867

    ppalias
    Member

    The interface is made as simple as possible and still is in beta version. If you can manipulate iptables you can easily do that in a post boot script.

    #50868

    houkouonchi
    Member

    And that is a perfectly acceptable answer. I figured this would be more of a big ticket item as it will make certain apps not work correctly (EX: running a BitTorrent tracker on a machine behind the NAT using forwarded ports) not to mention it makes IPs listed in logs incorrect.

    I ended up doing exactly what you said but I was just curious why it didn’t already do this or at least give an option for it but I guess it was just as simple as the interface being beta and not implemented yet =)
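
Added example, not part of the thread and not ZeroShell's own code: a shell helper that scans `iptables -t nat -S POSTROUTING` style output for MASQUERADE rules with no source match and prints the commands that would swap each one for a rule limited to the LAN subnet, suitable for the kind of post boot script suggested above. The function names and the sample rules are constructed; the subnet and interface are the ones from the listings in the first post.

```shell
#!/bin/sh
# Audit NAT POSTROUTING rules (iptables -S format) for unrestricted MASQUERADE.
# LAN_NET is an assumption taken from the thread's second listing.
LAN_NET="192.168.168.0/24"

# Reads rule lines on stdin. For each MASQUERADE rule without -s/--source,
# prints an add command for a source-restricted rule, then a delete command
# for the broad one (add first, so NAT is never left without a rule).
suggest_masq_fix() {
    net="$1"
    while IFS= read -r rule; do
        case "$rule" in
            "-A POSTROUTING"*"-j MASQUERADE"*) ;;   # candidate rule
            *) continue ;;                          # policy line or other target
        esac
        case " $rule " in
            *" -s "*|*" --source "*) continue ;;    # already has a source match
        esac
        spec="${rule#-A POSTROUTING}"               # keep only the match/target part
        spec="${spec# }"
        printf 'iptables -t nat -A POSTROUTING -s %s %s\n' "$net" "$spec"
        printf 'iptables -t nat -D POSTROUTING %s\n' "$spec"
    done
}

# Constructed sample input: one broad rule (as in the first listing) and one
# rule that is already restricted and must be left alone.
sample_rules() {
    cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -o bond0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE
EOF
}

# Prints the suggested commands; review them before placing them in a script.
sample_rules | suggest_masq_fix "$LAN_NET"
```

On a live system the input would come from `iptables -t nat -S POSTROUTING` instead of `sample_rules`.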
