# Iptables and nat [SOLVED]

## cwr

I've been trying to forward packets from one interface to another, without having to build

a full-scale firewall.   Every document I can find says that it's a question of adding

port forwarding and masquerading, but that fails every time for me.  The machine has

valid interfaces to each destination, and I can log to the machines each side, but trying

to add forwarding gives me:

```

tuppence cwr # iptables -F

tuppence cwr # iptables -t nat -F

tuppence cwr # iptables --delete-chain

tuppence cwr # iptables --table nat --delete-chain

tuppence cwr # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables: No chain/target/match by that name.

tuppence cwr # 

```

I've checked the kernel configs, and they are ok, and forwarding is set up in sysctl.conf;

does anyone have any ideas that I could try before building a full-scale firewall/router?

Thanks - WillLast edited by cwr on Sat Jun 22, 2013 7:57 am; edited 1 time in total

----------

## papahuhn

Seems that your kernel config is not okay after all. However, which networks do you need to route (to)? Maybe you don't need NAT?

----------

## dE_logics

There appears to be something wrong with one of -- 

-A POSTROUTING -o eth0 -j MASQUERADE 

How about changing the jump, match and chain to something that is known to work on your system, e.g. drop for, tcp match and -A to input one by one, so you can figure out the missing modules.

----------

## cwr

OK,  problem solved.  I had the "standard" iptables stuff configured in the kernel, but that's

apparently not enough.  I went back and added every iptables option in sight and rebuilt

the kernel and it worked.

Thanks for the ideas - Will

----------

## Hu

The MASQUERADE target is part of NAT and is not standard for a simple packet filter.  Enabling that was likely the key.

----------

## cwr

Yes, at a some point I need to go back and weed out all the obviously irrelevant stuff and

test it again, but for now, it "just works".

Thanks for the tip - Will

----------

