NAT for locally originated connections

  • Scott


    When I enable 'support for NAT of locally originated connections', I get the error annotated below (<<).

    Should this allow me to open a connection from a web server to the public address that NATs back to itself?

    Logged in
    Saving data to flash memory
    nvram_commit(): start
    Flash memory:
    Activating policy
    nvram_commit(): end
    size: 20077 bytes (12691 left)
    Activating firewall script generated Fri Sep 24 22:36:31 2004 Central Daylight Time by Scott
    Rule 0(NAT)
    Rule 1(NAT)
    Rule 2(NAT)
    iptables: Invalid argument         <<<<<<<<<<<<
    iptables: Invalid argument         <<<<<<<<<<<<
    Rule backup ssh access
    Rule 0(vlan1)
    Rule 0(lo)
    Rule 0(global)
    Rule 1(global)

    Scott H.

    • Vadim Kurland

      Option 'support for NAT of locally originated connections' makes the compiler generate iptables NAT commands in the OUTPUT chain for rules with the firewall in OSrc. These commands translate packets that originate on the firewall (as opposed to those that go through it).

      If I understand you right, you want to open a connection from inside your network to the translated address that is mapped back to a server on the same network. This is what is described in the Users Guide in the chapter "NAT back to the same network". Option "support for NAT of locally originated connections" has nothing to do with it.

      Please post the commands that the compiler generated for NAT rule 2; I'll try to figure out why you get these iptables errors.
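As an added illustration of the distinction drawn in the reply above (this is example code, not output of the compiler discussed in the thread), the two functions below emit the iptables rules for each case: DNAT in the nat OUTPUT chain, which only touches connections the firewall itself opens, versus a hairpin "NAT back to the same network" pair in PREROUTING and POSTROUTING. The addresses and port 80 are constructed, and vlan1 is assumed to be the LAN-side interface; by default the commands are only printed, not applied.

```shell
#!/bin/sh
# Constructed values (assumptions for the example, not from the thread):
PUBLIC_IP=203.0.113.10        # translated (public) address of the web server
SERVER_IP=192.168.1.20        # real address of the web server on the LAN
LAN_NET=192.168.1.0/24        # network the clients and the server share
LAN_IF=vlan1                  # assumed LAN-side interface (name appears in the log)
IPT=${IPT:-"echo iptables"}   # dry run: prints the commands; set IPT=iptables to apply

# "NAT of locally originated connections": a DNAT rule in the nat table's
# OUTPUT chain. It rewrites only packets generated by processes on the
# firewall itself (e.g. a tool run on the firewall that connects to the
# public address); traffic forwarded from the LAN never traverses OUTPUT.
local_origin_nat() {
    $IPT -t nat -A OUTPUT -d "$PUBLIC_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$SERVER_IP"
}

# "NAT back to the same network" (hairpin NAT): LAN clients reach the public
# address, so PREROUTING must DNAT it to the server, and because client and
# server sit on one network the reply would otherwise bypass the firewall.
# MASQUERADE in POSTROUTING makes the server see the firewall as the source,
# forcing the reply back through the firewall where the DNAT state lives.
hairpin_nat() {
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -d "$PUBLIC_IP" \
        -p tcp --dport 80 -j DNAT --to-destination "$SERVER_IP"
    $IPT -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$SERVER_IP" \
        -p tcp --dport 80 -j MASQUERADE
}

# Note for reading compiler output: --dport is only valid after -p tcp/udp;
# a port match without a protocol is one way iptables reports "Invalid argument".
```

Run the script as-is to review the generated commands, and compare them with what the compiler emits for the rule in question before applying anything.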