Iptable for nat assistance
Meng Cheah
meng-D1t3LT1mScs at public.gmane.org
Thu Apr 26 02:10:41 UTC 2007
Kihara Muriithi wrote:
> Hi all,
> I have been attempting to use iptables to NAT internal IPs to an
> external IP without success. I have experience with iptables, but
> mainly on how to close or open specific ports. NAT has proved a little
> challenging and that's why I am seeking assistance.
> Let's say I have internal IPs as 10.0.0.0/24
> and need all those IPs NATted to an external IP 192.168.2.1.
> This is what I have attempted in my quest to find a solution.
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
>
> When I check the firewall status, I notice this table insertion
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> SNAT       all  --  0.0.0.0/0            0.0.0.0/0           to:192.168.2.1
>
> To be frank, I expected 192.168.2.1 to be the
> destination. The way the details are presented is confusing, IMO.
> What's puzzling, however, is that this command is rejected when I attempt to
> make it persistent, as seen below.
> vi /etc/sysconfig/iptables
> Just before the line below, I inserted the second command
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
> -A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
>
> This however doesn't work, as iptables throws an error message and fails
> to come up.
> Now the question is, what is the proper way of doing NAT through a
> Linux box? I have enabled IP forwarding, by the way.
>
> Thanks in advance
> William
You may want to look at the Linux IP Masquerade Howto.
http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
It walks you through the process with examples.
YMMV.
Many people like Shorewall and other tools.
Meng
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
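
A likely reason the saved file is rejected, shown as an added example that is not part of the original messages: files read by iptables-restore are split into per-table sections (`*filter`, `*nat`, each closed by `COMMIT`), and POSTROUTING is not a chain of the filter table. The checker below flags rules placed in a section whose table lacks their chain. It assumes the rule was pasted into the `*filter` section; `lint`, `BUILTIN` and both sample files are constructed for illustration.

```python
BUILTIN = {  # built-in chains per table; nat INPUT exists on newer kernels
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "raw": {"PREROUTING", "OUTPUT"},
}

def lint(text):
    """Return (line_no, table, chain) for every misplaced -A/-I rule."""
    problems, table, chains = [], None, set()
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].startswith("*"):        # "*nat" opens a table section
            table = words[0][1:]
            chains = set(BUILTIN.get(table, ()))
        elif words[0].startswith(":"):      # ":NAME POLICY [pkts:bytes]"
            chains.add(words[0][1:])
        elif words[0] == "COMMIT":          # closes the current section
            table, chains = None, set()
        elif words[0] in ("-A", "-I") and len(words) > 1 and words[1] not in chains:
            problems.append((no, table, words[1]))
    return problems

# Constructed sample: the SNAT rule pasted into the filter section.
BROKEN = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.1
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Constructed sample: the rule in its own *nat section, limited to the LAN.
FIXED = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 192.168.2.1
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

if __name__ == "__main__":
    print(lint(BROKEN), lint(FIXED))
```

Before restarting the service, `iptables-restore --test < file` parses a candidate file without committing it.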