Iptable for nat assistance

Kihara Muriithi william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Apr 25 15:40:43 UTC 2007


Hi all,
 I have been attempting to use iptables to NAT internal IPs to an external
IP without success. I have experience with iptables, but mainly on how to
close or open specific ports. NAT has proved a little challenging and that's
why I am seeking assistance.
 Let's say I have internal IPs in 10.0.0.0/24 and need all those IPs NATted
to an external IP 192.168.2.1. This is what I have attempted in my quest to
find a solution.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1

When I check the firewall status, I notice this table insertion:
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  0.0.0.0/0            0.0.0.0/0           to:192.168.2.1

 To be frank, I expected 192.168.2.1 to be the destination. The way the
details are presented is confusing, IMO. What's puzzling, however, is that
this command is rejected when I attempt to make it persistent, as seen below.
vi /etc/sysconfig/iptables
Just before the line below, I inserted the second command
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
-A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1

This, however, doesn't work, as iptables throws an error message and fails to
come up.
Now the question is, what is the proper way of doing NAT through a Linux
box? I have enabled IP forwarding, by the way.

Thanks in advance
William
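
Added example, not part of the original post: in an iptables-save style rules file, each `-A` line is loaded into the table named by the preceding `*table` line, and POSTROUTING is a chain of the nat and mangle tables, not of filter. The script below flags `-A` lines whose chain does not exist in their section; it assumes the file uses that format, and `check_rules` and both sample files are constructed for illustration.

```shell
# check_rules (hypothetical helper, not an iptables tool): reads an
# iptables-save style file (argument or stdin) and reports -A lines whose
# chain is neither built in to the current table nor declared with ":CHAIN".
check_rules() {
    awk '
    BEGIN {
        chains["filter"] = "INPUT FORWARD OUTPUT"
        chains["nat"]    = "PREROUTING INPUT OUTPUT POSTROUTING"
        chains["mangle"] = "PREROUTING INPUT FORWARD OUTPUT POSTROUTING"
        bad = 0
    }
    /^\*/ {                               # "*nat", "*filter": new table section
        table = substr($1, 2); split("", known)
        n = split(chains[table], b, " ")
        for (i = 1; i <= n; i++) known[b[i]] = 1
        next
    }
    /^:/ { known[substr($1, 2)] = 1; next }   # ":CHAIN POLICY [pkts:bytes]"
    $1 == "-A" && !($2 in known) {
        printf "line %d: chain %s is not in table %s\n", NR, $2, table
        bad = 1
    }
    END { exit bad }
    ' "$@"
}
# Constructed sample: the SNAT rule placed among the filter rules.
sample_broken() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
# Constructed sample: the same rule in its own *nat section.
sample_fixed() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
sample_broken | check_rules || true   # prints the misplaced rule
```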