Compare commits

2 Commits

Author SHA1 Message Date
LEdoian 53cc5442dc render 6 months ago
LEdoian c1c0d365cd Fix date 6 months ago

@ -2,7 +2,7 @@ Only NAT packets you can deliver responses for
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
:slug: masquerade-with-filter :slug: masquerade-with-filter
:date: 2024-05-08 :date: 2024-05-08 13:32
:tags: linux :tags: linux
:category: til :category: til
:keywords: nat, nftables, network :keywords: nat, nftables, network
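Review bot: the new `:date: 2024-05-08 13:32` value has no UTC offset, so the published instant depends on whatever timezone the build applies (the rendered feeds in this comparison come out as `+02:00`). If the metadata format accepts it, write the offset in the source, or make sure the site timezone is pinned in configuration so that a rebuild on a differently configured machine does not shift the timestamp.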

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"><title>LEdoian's Blog</title><link href="https://blog.ledoian.cz/" rel="alternate"></link><link href="https://blog.ledoian.cz/feeds/all.atom.xml" rel="self"></link><id>https://blog.ledoian.cz/</id><updated>2024-05-08T00:00:00+02:00</updated><entry><title>Only NAT packets you can deliver responses for</title><link href="https://blog.ledoian.cz/masquerade-with-filter.html" rel="alternate"></link><published>2024-05-08T00:00:00+02:00</published><updated>2024-05-08T00:00:00+02:00</updated><author><name>LEdoian</name></author><id>tag:blog.ledoian.cz,2024-05-08:/masquerade-with-filter.html</id><summary type="html">&lt;p&gt;When setting up a masquerading nat, it is worth considering masquerading only <feed xmlns="http://www.w3.org/2005/Atom"><title>LEdoian's Blog</title><link href="https://blog.ledoian.cz/" rel="alternate"></link><link href="https://blog.ledoian.cz/feeds/all.atom.xml" rel="self"></link><id>https://blog.ledoian.cz/</id><updated>2024-05-08T13:32:00+02:00</updated><entry><title>Only NAT packets you can deliver responses for</title><link href="https://blog.ledoian.cz/masquerade-with-filter.html" rel="alternate"></link><published>2024-05-08T13:32:00+02:00</published><updated>2024-05-08T13:32:00+02:00</updated><author><name>LEdoian</name></author><id>tag:blog.ledoian.cz,2024-05-08:/masquerade-with-filter.html</id><summary type="html">&lt;p&gt;When setting up a masquerading nat, it is worth considering masquerading only
packets from known networks. That is, instead of rule like &lt;tt class="docutils literal"&gt;iifname &lt;span class="pre"&gt;eth-inside&lt;/span&gt; packets from known networks. That is, instead of rule like &lt;tt class="docutils literal"&gt;iifname &lt;span class="pre"&gt;eth-inside&lt;/span&gt;
masquerade&lt;/tt&gt; use something like &lt;tt class="docutils literal"&gt;iifname &lt;span class="pre"&gt;eth-inside&lt;/span&gt; ip saddr 198.51.100.0/24 masquerade&lt;/tt&gt; use something like &lt;tt class="docutils literal"&gt;iifname &lt;span class="pre"&gt;eth-inside&lt;/span&gt; ip saddr 198.51.100.0/24
masquerade&lt;/tt&gt;.&lt;/p&gt; masquerade&lt;/tt&gt;.&lt;/p&gt;
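Review bot: the summary text carried in this entry's context lines reads "masquerading nat" and "instead of rule like"; since the feed is being regenerated for the timestamp anyway, this is a good moment to fix the source to "masquerading NAT" and "instead of a rule like". On the timestamp change itself, `<published>` and `<updated>` both move to 13:32:00 while the entry `<id>` stays `tag:blog.ledoian.cz,2024-05-08:/masquerade-with-filter.html`, so the entry keeps its identity across the change.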

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"><title>LEdoian's Blog - til</title><link href="https://blog.ledoian.cz/" rel="alternate"></link><link href="https://blog.ledoian.cz/feeds/til.atom.xml" rel="self"></link><id>https://blog.ledoian.cz/</id><updated>2024-05-08T00:00:00+02:00</updated><entry><title>Only NAT packets you can deliver responses for</title><link href="https://blog.ledoian.cz/masquerade-with-filter.html" rel="alternate"></link><published>2024-05-08T00:00:00+02:00</published><updated>2024-05-08T00:00:00+02:00</updated><author><name>LEdoian</name></author><id>tag:blog.ledoian.cz,2024-05-08:/masquerade-with-filter.html</id><summary type="html">&lt;p&gt;When setting up a masquerading nat, it is worth considering masquerading only <feed xmlns="http://www.w3.org/2005/Atom"><title>LEdoian's Blog - til</title><link href="https://blog.ledoian.cz/" rel="alternate"></link><link href="https://blog.ledoian.cz/feeds/til.atom.xml" rel="self"></link><id>https://blog.ledoian.cz/</id><updated>2024-05-08T13:32:00+02:00</updated><entry><title>Only NAT packets you can deliver responses for</title><link href="https://blog.ledoian.cz/masquerade-with-filter.html" rel="alternate"></link><published>2024-05-08T13:32:00+02:00</published><updated>2024-05-08T13:32:00+02:00</updated><author><name>LEdoian</name></author><id>tag:blog.ledoian.cz,2024-05-08:/masquerade-with-filter.html</id><summary type="html">&lt;p&gt;When setting up a masquerading nat, it is worth considering masquerading only
packets from known networks. That is, instead of rule like &lt;tt class="docutils literal"&gt;iifname &lt;span class="pre"&gt;eth-inside&lt;/span&gt; packets from known networks. That is, instead of rule like &lt;tt class="docutils literal"&gt;iifname &lt;span class="pre"&gt;eth-inside&lt;/span&gt;
masquerade&lt;/tt&gt; use something like &lt;tt class="docutils literal"&gt;iifname &lt;span class="pre"&gt;eth-inside&lt;/span&gt; ip saddr 198.51.100.0/24 masquerade&lt;/tt&gt; use something like &lt;tt class="docutils literal"&gt;iifname &lt;span class="pre"&gt;eth-inside&lt;/span&gt; ip saddr 198.51.100.0/24
masquerade&lt;/tt&gt;.&lt;/p&gt; masquerade&lt;/tt&gt;.&lt;/p&gt;
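Review bot: this hunk in the `til` feed is the same generated change as the one in the all-posts feed, and it lands in a separate "render" commit from the "Fix date" source change. Keeping rendered output in the repository means every source edit needs a matching render commit, and the two can drift if one is forgotten; consider building the feeds at deploy time instead, or combining the source edit and its render in one commit so each revision is self-consistent.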
