What is MASQUERADE in the context of iptables?












25















In iptables many times I see the target MASQUERADE. What is that? I searched and found lots of things. But I need someone to explain to me what MASQUERADE is in an easy to understand way?



An example (taken from this answer) is:




sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE






networking firewall iptables







share|improve this question





























    25















    In iptables many times I see the target MASQUERADE. What is that? I searched and found lots of things. But I need someone to explain to me what MASQUERADE is in an easy to understand way?



    An example (taken from this answer) is:




    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE






    networking firewall iptables







    share|improve this question



























      25












      25








      25


      7






      In iptables many times I see the target MASQUERADE. What is that? I searched and found lots of things. But I need someone to explain to me what MASQUERADE is in an easy to understand way?



      An example (taken from this answer) is:




      sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE






      networking firewall iptables







      share|improve this question
















      In iptables many times I see the target MASQUERADE. What is that? I searched and found lots of things. But I need someone to explain to me what MASQUERADE is in an easy to understand way?



      An example (taken from this answer) is:




      sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE






      networking firewall iptables




      networking firewall iptables






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 14 '17 at 19:15









      Bruno Bronosky

      50349




      50349










      asked May 15 '14 at 16:07









      Mohammad Reza RezwaniMohammad Reza Rezwani

      3,7292563110




      3,7292563110






















          2 Answers
          2






          active

          oldest

          votes


















          22














          It is an algorithm dependant on the iptables implementation that allows one to route traffic without disrupting the original traffic.



          I use the masquerade algorithm when I want to create a virtual wifi adapter and share my wifi.



          Im NOT talking about sharing Ethernet connection through your wifi, Im talking about sharing the wifi connection through your wifi via masquerading it to a virtual adapter. This in effect lets you share your wifi connection through wifi.



          .



          .



          Read this and scroll down to MASQUERADE: http://billauer.co.il/ipmasq-html.html



          Read this for more in depth: http://oreilly.com/openbook/linag2/book/ch11.html





          All those questions about "Connectify for linux" can be solved by implementing the MASQUERADE algo.





          For a direct example visit this page: http://pritambaral.com/2012/05/connectify-for-linux-wireless-hotspot/



          I HAVE NOT READ THE LAST LINK!!!! But the following is an accurate excerpt/example.



          sudo sysctl -w net.ipv4.ip_forward=1
          
sudo iptables -A FORWARD -i wlan0 -j ACCEPT
          
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


          I really dislike how search engines make the algorithm out to be some evil type of hack.. I use it merely so share my internet with my android phones.



          FINAL EDIT: this link is the bestest http://gsp.com/cgi-bin/man.cgi?section=3&topic=libalias






          share|improve this answer


























          • like your first link that was --exactly-- what I am looking for :)

            – Mohammad Reza Rezwani
            May 15 '14 at 16:29





















          31














          MASQUERADE is an iptables target that can be used instead of SNAT target (source NAT) when external ip of the inet interface is not known at the moment of writing the rule (when server gets external ip dynamically).






          share|improve this answer
























          • What should be used when the IP address is known?

            – Luc
            Nov 28 '16 at 8:55






          • 3





            @Luc, SNAT target (source network address translation) with defining source ip that should be placed instead of original source ip in the ip packet from original host. Like this -j SNAT --to-source xx.xx.xx.xx where xx.xx.xx.xx is the external ip of the desired interface. And I can't say that it should be used when external ip is known. I'd prefer to use MASQUERADE instead of SNAT to make rules flexible and not bound to specific external ip that I have at the moment.

            – Sergey P. aka azure
            Dec 6 '16 at 10:08












          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f466445%2fwhat-is-masquerade-in-the-context-of-iptables%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          22














          It is an algorithm dependant on the iptables implementation that allows one to route traffic without disrupting the original traffic.



          I use the masquerade algorithm when I want to create a virtual wifi adapter and share my wifi.



          Im NOT talking about sharing Ethernet connection through your wifi, Im talking about sharing the wifi connection through your wifi via masquerading it to a virtual adapter. This in effect lets you share your wifi connection through wifi.



          .



          .



          Read this and scroll down to MASQUERADE: http://billauer.co.il/ipmasq-html.html



          Read this for more in depth: http://oreilly.com/openbook/linag2/book/ch11.html





          All those questions about "Connectify for linux" can be solved by implementing the MASQUERADE algo.





          For a direct example visit this page: http://pritambaral.com/2012/05/connectify-for-linux-wireless-hotspot/



          I HAVE NOT READ THE LAST LINK!!!! But the following is an accurate excerpt/example.



          sudo sysctl -w net.ipv4.ip_forward=1
          
sudo iptables -A FORWARD -i wlan0 -j ACCEPT
          
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


          I really dislike how search engines make the algorithm out to be some evil type of hack.. I use it merely so share my internet with my android phones.



          FINAL EDIT: this link is the bestest http://gsp.com/cgi-bin/man.cgi?section=3&topic=libalias






          share|improve this answer


























          • like your first link that was --exactly-- what I am looking for :)

            – Mohammad Reza Rezwani
            May 15 '14 at 16:29


















          22














          It is an algorithm dependant on the iptables implementation that allows one to route traffic without disrupting the original traffic.



          I use the masquerade algorithm when I want to create a virtual wifi adapter and share my wifi.



          Im NOT talking about sharing Ethernet connection through your wifi, Im talking about sharing the wifi connection through your wifi via masquerading it to a virtual adapter. This in effect lets you share your wifi connection through wifi.



          .



          .



          Read this and scroll down to MASQUERADE: http://billauer.co.il/ipmasq-html.html



          Read this for more in depth: http://oreilly.com/openbook/linag2/book/ch11.html





          All those questions about "Connectify for linux" can be solved by implementing the MASQUERADE algo.





          For a direct example visit this page: http://pritambaral.com/2012/05/connectify-for-linux-wireless-hotspot/



          I HAVE NOT READ THE LAST LINK!!!! But the following is an accurate excerpt/example.



          sudo sysctl -w net.ipv4.ip_forward=1
          
sudo iptables -A FORWARD -i wlan0 -j ACCEPT
          
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


          I really dislike how search engines make the algorithm out to be some evil type of hack.. I use it merely so share my internet with my android phones.



          FINAL EDIT: this link is the bestest http://gsp.com/cgi-bin/man.cgi?section=3&topic=libalias






          share|improve this answer


























          • like your first link that was --exactly-- what I am looking for :)

            – Mohammad Reza Rezwani
            May 15 '14 at 16:29
















          22












          22








          22







          It is an algorithm dependant on the iptables implementation that allows one to route traffic without disrupting the original traffic.



          I use the masquerade algorithm when I want to create a virtual wifi adapter and share my wifi.



          Im NOT talking about sharing Ethernet connection through your wifi, Im talking about sharing the wifi connection through your wifi via masquerading it to a virtual adapter. This in effect lets you share your wifi connection through wifi.



          .



          .



          Read this and scroll down to MASQUERADE: http://billauer.co.il/ipmasq-html.html



          Read this for more in depth: http://oreilly.com/openbook/linag2/book/ch11.html





          All those questions about "Connectify for linux" can be solved by implementing the MASQUERADE algo.





          For a direct example visit this page: http://pritambaral.com/2012/05/connectify-for-linux-wireless-hotspot/



          I HAVE NOT READ THE LAST LINK!!!! But the following is an accurate excerpt/example.



          sudo sysctl -w net.ipv4.ip_forward=1
          
sudo iptables -A FORWARD -i wlan0 -j ACCEPT
          
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


          I really dislike how search engines make the algorithm out to be some evil type of hack.. I use it merely so share my internet with my android phones.



          FINAL EDIT: this link is the bestest http://gsp.com/cgi-bin/man.cgi?section=3&topic=libalias






          share|improve this answer















          It is an algorithm dependant on the iptables implementation that allows one to route traffic without disrupting the original traffic.



          I use the masquerade algorithm when I want to create a virtual wifi adapter and share my wifi.



          Im NOT talking about sharing Ethernet connection through your wifi, Im talking about sharing the wifi connection through your wifi via masquerading it to a virtual adapter. This in effect lets you share your wifi connection through wifi.



          .



          .



          Read this and scroll down to MASQUERADE: http://billauer.co.il/ipmasq-html.html



          Read this for more in depth: http://oreilly.com/openbook/linag2/book/ch11.html





          All those questions about "Connectify for linux" can be solved by implementing the MASQUERADE algo.





          For a direct example visit this page: http://pritambaral.com/2012/05/connectify-for-linux-wireless-hotspot/



          I HAVE NOT READ THE LAST LINK!!!! But the following is an accurate excerpt/example.



          sudo sysctl -w net.ipv4.ip_forward=1
          
sudo iptables -A FORWARD -i wlan0 -j ACCEPT
          
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


          I really dislike how search engines make the algorithm out to be some evil type of hack.. I use it merely so share my internet with my android phones.



          FINAL EDIT: this link is the bestest http://gsp.com/cgi-bin/man.cgi?section=3&topic=libalias







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited May 15 '14 at 16:37

























          answered May 15 '14 at 16:15









          Banned_UserBanned_User

          6981715




          6981715













          • like your first link that was --exactly-- what I am looking for :)

            – Mohammad Reza Rezwani
            May 15 '14 at 16:29





















          • like your first link that was --exactly-- what I am looking for :)

            – Mohammad Reza Rezwani
            May 15 '14 at 16:29



















          like your first link that was --exactly-- what I am looking for :)

          – Mohammad Reza Rezwani
          May 15 '14 at 16:29







          like your first link that was --exactly-- what I am looking for :)

          – Mohammad Reza Rezwani
          May 15 '14 at 16:29















          31














          MASQUERADE is an iptables target that can be used instead of SNAT target (source NAT) when external ip of the inet interface is not known at the moment of writing the rule (when server gets external ip dynamically).






          share|improve this answer
























          • What should be used when the IP address is known?

            – Luc
            Nov 28 '16 at 8:55






          • 3





            @Luc, SNAT target (source network address translation) with defining source ip that should be placed instead of original source ip in the ip packet from original host. Like this -j SNAT --to-source xx.xx.xx.xx where xx.xx.xx.xx is the external ip of the desired interface. And I can't say that it should be used when external ip is known. I'd prefer to use MASQUERADE instead of SNAT to make rules flexible and not bound to specific external ip that I have at the moment.

            – Sergey P. aka azure
            Dec 6 '16 at 10:08
















          31














          MASQUERADE is an iptables target that can be used instead of SNAT target (source NAT) when external ip of the inet interface is not known at the moment of writing the rule (when server gets external ip dynamically).






          share|improve this answer
























          • What should be used when the IP address is known?

            – Luc
            Nov 28 '16 at 8:55






          • 3





            @Luc, SNAT target (source network address translation) with defining source ip that should be placed instead of original source ip in the ip packet from original host. Like this -j SNAT --to-source xx.xx.xx.xx where xx.xx.xx.xx is the external ip of the desired interface. And I can't say that it should be used when external ip is known. I'd prefer to use MASQUERADE instead of SNAT to make rules flexible and not bound to specific external ip that I have at the moment.

            – Sergey P. aka azure
            Dec 6 '16 at 10:08














          31












          31








          31







          MASQUERADE is an iptables target that can be used instead of SNAT target (source NAT) when external ip of the inet interface is not known at the moment of writing the rule (when server gets external ip dynamically).






          share|improve this answer













          MASQUERADE is an iptables target that can be used instead of SNAT target (source NAT) when external ip of the inet interface is not known at the moment of writing the rule (when server gets external ip dynamically).







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered May 15 '14 at 16:21









          Sergey P. aka azureSergey P. aka azure

          1,096911




          1,096911













          • What should be used when the IP address is known?

            – Luc
            Nov 28 '16 at 8:55






          • 3





            @Luc, SNAT target (source network address translation) with defining source ip that should be placed instead of original source ip in the ip packet from original host. Like this -j SNAT --to-source xx.xx.xx.xx where xx.xx.xx.xx is the external ip of the desired interface. And I can't say that it should be used when external ip is known. I'd prefer to use MASQUERADE instead of SNAT to make rules flexible and not bound to specific external ip that I have at the moment.

            – Sergey P. aka azure
            Dec 6 '16 at 10:08



















          • What should be used when the IP address is known?

            – Luc
            Nov 28 '16 at 8:55






          • 3





            @Luc, SNAT target (source network address translation) with defining source ip that should be placed instead of original source ip in the ip packet from original host. Like this -j SNAT --to-source xx.xx.xx.xx where xx.xx.xx.xx is the external ip of the desired interface. And I can't say that it should be used when external ip is known. I'd prefer to use MASQUERADE instead of SNAT to make rules flexible and not bound to specific external ip that I have at the moment.

            – Sergey P. aka azure
            Dec 6 '16 at 10:08

















          What should be used when the IP address is known?

          – Luc
          Nov 28 '16 at 8:55





          What should be used when the IP address is known?

          – Luc
          Nov 28 '16 at 8:55




          3




          3





          @Luc, SNAT target (source network address translation) with defining source ip that should be placed instead of original source ip in the ip packet from original host. Like this -j SNAT --to-source xx.xx.xx.xx where xx.xx.xx.xx is the external ip of the desired interface. And I can't say that it should be used when external ip is known. I'd prefer to use MASQUERADE instead of SNAT to make rules flexible and not bound to specific external ip that I have at the moment.

          – Sergey P. aka azure
          Dec 6 '16 at 10:08





          @Luc, SNAT target (source network address translation) with defining source ip that should be placed instead of original source ip in the ip packet from original host. Like this -j SNAT --to-source xx.xx.xx.xx where xx.xx.xx.xx is the external ip of the desired interface. And I can't say that it should be used when external ip is known. I'd prefer to use MASQUERADE instead of SNAT to make rules flexible and not bound to specific external ip that I have at the moment.

          – Sergey P. aka azure
          Dec 6 '16 at 10:08


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f466445%2fwhat-is-masquerade-in-the-context-of-iptables%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

          Image
          0 I recently upgraded an Ubuntu 16.04 virtual machine to 18.04. I regularly use this VM to run apt-mirror at school on their high-speed internet, then rsync these files to my rack-mount server at home for updating multiple computers at home without wasting the tiny amount of bandwidth I have there. Since updating I can't get apt-mirror to run on my VM. It keeps giving the error: flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror line 214 immediately followed by: apt-mirror is already running, exiting at /usr/bin/apt-mirror line 217 apt-mirror is NOT running, and does not have a cron job. I've tried rebooting, and even looked for the old-style lockfile to delete, but I guess that method is no longer used. Is there some way to force unlock this so I can run apt-mirror? UPDATE: So... I f...
          Read more

          Mangá

          Image
            Nota:  Não confundir com Manga. Mangás e Animes Mangá Mangaká • Tankōbon Film comic La nouvelle manga Mangá original em inglês Anime História Animação influenciada por animes • Filler • OVA • Seiyū Públicos Kodomo • Shōjo • Shōnen Josei • Seinen Gêneros Mahō shōjo • Mecha • Harém Ecchi • Hentai ( Yaoi • Yuri Futanari • Shotacon • Lolicon Toddlercon ) Termos Bishōjo • Chibi • Fan service Gaiden • Kawaii • Kaitō • Light novel Mahō shōnen • Moe (antropomorfismo • Kemonomimi Nekomimi ) • Super deformed Omake • Tsundere • Yonkoma Listas Mangás • Animes • Ecchi • Mangaka • Estúdios • Revistas Fãs ( otaku ) Anime Music Video Convenções • Cosplay Dōjinshi • Fansub • Fandub • Fujoshi OS-tan • Scanlation Portal de Anime e mangá v d e O mangá (português brasileiro) ou manga (português europeu) [ 1 ] (em japonês: 漫画 , manga ? , lit. “história em quadrinhos”) , é a ...
          Read more

          Eduardo VII do Reino Unido

          Image
          Eduardo VII Rei do Reino Unido da Grã-Bretanha e Irlanda e dos Domínios Britânicos de Além-mar Imperador da Índia Rei do Reino Unido e Imperador da Índia Reinado 22 de janeiro de 1901 a 6 de maio de 1910 Coroação 9 de agosto de 1902 Delhi Durbar 1 de janeiro de 1903 Predecessora Vitória Sucessor Jorge V   Esposa Alexandra da Dinamarca Descendência Alberto Vitor, Duque de Clarence e Avondale Jorge V do Reino Unido Luísa, Princesa Real Vitória de Gales Maud de Gales Alexandre João de Gales Casa Saxe-Coburgo-Gota Nome completo Alberto Eduardo Nascimento 9 de novembro de 1841   Palácio de Buckingham, Londres, Reino Unido Morte 6 de maio de 1910 (68 anos)   Palácio de Buckingham, Londres, Reino Unido Enterro Capela de São Jorge, Windsor, Berkshire, Reino Unido 20 de maio de 1910 Pai Alberto de Saxe-Coburgo-Gota Mãe Vitória do Reino Unido Assinatura ...
          Read more