Is it okay to set MASQUERADE at 2 network interfaces in a Linux server?
There is a Linux server with 3 network interfaces, eth0, eth1, eth2. IP forwarding has been turned on in this server.
- eth0 is connected to 10.0.1.0/24. Its IP is 10.0.1.1.
- eth1 is connected to 172.16.1.0/24. Its IP is 172.16.1.1. Server A can ping router C at 172.16.1.2.
- eth2 is connected to 192.168.1.0/24. Its IP is 192.168.1.1. Server A can ping server B at 192.168.1.2.
- Router C is able to route to 172.16.2.0/24 and 172.16.3.0/24.
                                         [10.0.1.0/24]
                                               |
172.16.2.0/24------|                           |
                  [C]------172.16.1.0/24------[A]------192.168.1.0/24------[B]
172.16.3.0/24------|
We have set MASQUERADE at eth0. When server B (192.168.1.2) connects to 10.0.1.0/24, IP MASQUERADE will happen at eth0.
Can we set MASQUERADE at eth1? Is it okay to set MASQUERADE at more than 1 network interface in Linux?
Solution 1:
Yes, it's fine to have multiple MASQUERADE rules. Typically, each rule will match packets going out a specific interface, for example:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
The first rule matches packets going out eth0, while the second one matches packets going out eth1.
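An added example, not part of the original answer: once several MASQUERADE rules exist, it helps to check that each one is tied to an outbound interface, because a rule without -o rewrites the source address of traffic leaving every interface. The sketch below lists the MASQUERADE rules found in iptables-save style text and marks unscoped ones; the function names audit_masquerade and sample_rules are hypothetical, and the ruleset is constructed sample data.

```shell
#!/bin/sh
# Added example: audit MASQUERADE rules in iptables-save formatted text.
# Reads rules on stdin and prints one line per MASQUERADE rule:
#   <out-interface> <source> <verdict>
# verdict is UNSCOPED when the rule has no -o match, i.e. it would
# masquerade traffic leaving any interface (eth0, eth1 and eth2 alike).
audit_masquerade() {
    awk '
    $1 == "-A" && $2 == "POSTROUTING" {
        out = "any"; src = "any"; masq = 0
        for (i = 3; i <= NF; i++) {
            # Keep a leading "!" so negated matches stay visible.
            if ($i == "-o") out = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            if ($i == "-s") src = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
        }
        if (!masq) next                      # SNAT, ACCEPT, etc. are ignored
        verdict = (out == "any") ? "UNSCOPED" : "ok"
        print out, src, verdict
    }'
}

# Constructed sample in iptables-save format (not taken from a real host).
# On a live system the input would come from: iptables-save -t nat
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

sample_rules | audit_masquerade
```

The second sample rule also restricts the source to server B's subnet with -s, so only traffic from 192.168.1.0/24 is rewritten when it leaves eth1.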