Score:0

What happens with MASQUERADE and packets that originate on the host itself?

Given the following network:

                     +-- endpoint 1
                     |
internet -- server --+-- endpoint 2
                     |
                     +-- endpoint 3

where the endpoints are on subnet 192.168.1.0/24 and they route their traffic through the server.

For this, we require a NAT rule on the server for the interface connected to the internet:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 

Two questions:

  1. Packets originating on the server itself are also matched by this rule. They already have the correct source IP. What happens with them? (Experimentation shows it works.)
  2. I always considered the question to add MASQUERADE or not to be a property of the interface (because the connected network can either handle multiple source IPs or it needs a NAT). Is this a good mental model?
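
Added example, not part of the original question and not netfilter code: a simplified Python model of what the `-o eth0 -j MASQUERADE` rule above does to the source of endpoint and server-originated packets. The addresses `198.51.100.7` (server's eth0) and `203.0.113.5` (remote host), and the names `Packet` and `Masquerade`, are constructed for illustration; the model assumes MASQUERADE behaves as SNAT to the outgoing interface's address with the source port kept unless it collides with a tracked connection.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Masquerade:
    """Toy model of `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE`."""

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip      # address of eth0 (constructed value)
        self.conntrack = {}       # (translated sport, dst, dport) -> original (src, sport)

    def postrouting(self, pkt):
        """Translate a packet leaving via eth0 and record the mapping."""
        orig = (pkt.src, pkt.sport)
        sport = pkt.sport
        # Keep the source port unless a different connection already owns
        # the same translated tuple; then pick the next free port.
        while self.conntrack.get((sport, pkt.dst, pkt.dport), orig) != orig:
            sport = sport + 1 if sport < 65535 else 1024
        self.conntrack[(sport, pkt.dst, pkt.dport)] = orig
        return replace(pkt, src=self.wan_ip, sport=sport)

    def prerouting_reply(self, pkt):
        """Undo the translation for a reply; None if nothing is tracked."""
        entry = self.conntrack.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None
        return replace(pkt, dst=entry[0], dport=entry[1])

if __name__ == "__main__":
    WAN, REMOTE = "198.51.100.7", "203.0.113.5"   # constructed sample addresses
    nat = Masquerade(WAN)
    samples = [
        ("endpoint 1", Packet("192.168.1.10", 40000, REMOTE, 443)),
        ("server, free port", Packet(WAN, 50000, REMOTE, 443)),
        ("server, port clash", Packet(WAN, 40000, REMOTE, 443)),
    ]
    for label, pkt in samples:
        out = nat.postrouting(pkt)
        print(f"{label:20} {pkt.src}:{pkt.sport} -> {out.src}:{out.sport}"
              f"  changed={out != pkt}")
```

In this model a server-originated packet leaves unchanged because its source already equals the eth0 address; only a source-port clash with a tracked endpoint connection alters it.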