Iptable for nat assistance
tleslie
tleslie-RBVUpeUoHUc at public.gmane.org
Wed Apr 25 16:05:23 UTC 2007
On Wed, 2007-04-25 at 18:40 +0300, Kihara Muriithi wrote:
> Hi all,
> I have been attempting to use iptables to NAT internal IPs to an
> external IP without success. I have experience with iptables, but
> mainly on how to close or open specific ports. NAT has proved a little
> challenging and that's why I am seeking assistance.
> Let's say I have internal IPs as 10.0.0.0/24 and need all those IPs
> natted to an external IP 192.168.2.1. This is what I have attempted in
> my quest to find a solution.
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
>
> when I check the firewall status, I notice this table insertion
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> SNAT all -- 0.0.0.0/0 0.0.0.0/0 to:192.168.2.1
>
SNAT means source address translation; you want DNAT.
> To be frank, I expected 192.168.2.1 to be the destination. The way
> the details are presented is confusing, IMO. What's however puzzling is
> this command is rejected when I attempt to make it persistent as seen
> below.
> vi /etc/sysconfig/iptables
> Just before the line below, I inserted the second command
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
> -A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
>
> This however doesn't work as iptables throws an error message and fails
> to come up.
> Now the question is, what is the proper way of doing NAT through a
> Linux box? I have enabled IP forwarding by the way.
>
> Thanks in advance
> William
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists