What happens with MASQUERADE and packets that origin on the host itself?

Georg Schölly

1/20/23, 9:31 AM

Given the following network:

                     +-- endpoint 1
                     |
internet -- server --+-- endpoint 2
                     |
                     +-- endpoint 3

where the endpoints are on subnet 192.168.1.0/24 and they route their traffic through the server.

For this, we require a NAT rule on the server for the interface connected to the internet:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Two questions:

Packets originating on the server itself are also matched by this rule. They already have the correct source IP. What happens with them? (Experimentation shows it works.)
I always considered the question to add MASQUERADE or not to be a property of the interface (because the connected network can either handle multiple source IPs or it needs a NAT). Is this a good mental model?

0 + 0

nat

routing

iptables

subnet

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What happens with MASQUERADE and packets that origin on the host itself?

TH: จะเกิดอะไรขึ้นกับ MASQUERADE และแพ็กเก็ตที่มาจากโฮสต์เอง

RO: Ce se întâmplă cu MASQUERADE și pachetele care provin din gazdă?

RU: Что происходит с MASQUERADE и пакетами, исходящими с самого хоста?

VI: Điều gì xảy ra với MASQUERADE và các gói bắt nguồn từ chính máy chủ?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.