Iptable for nat assistance

Meng Cheah meng-D1t3LT1mScs at public.gmane.org
Thu Apr 26 02:10:41 UTC 2007


Kihara Muriithi wrote:

> Hi all,
>  I have been attempting to use iptables to NAT internal IPs to an
> external IP without success. I have experience with iptables, but
> mainly on how to close or open specific ports. NAT has proved a little
> challenging, and that's why I am seeking assistance.
>  Let's say I have internal IPs such as 10.0.0.0/24
> and need all those IPs NATted to an external IP 192.168.2.1.
> This is what I have attempted in my quest to
> find a solution.
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
>
> When I check the firewall status, I notice this table insertion:
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> SNAT       all  --  0.0.0.0/0            0.0.0.0/0           to:192.168.2.1
>
>  To be frank, I expected 192.168.2.1 to be the
> destination. The way the details are presented is confusing, IMO.
> What's however puzzling is that this command is rejected when I attempt to
> make it persistent, as seen below.
> vi /etc/sysconfig/iptables
> Just before the line below, I inserted the second command:
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
> -A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
>
> This however doesn't work, as iptables throws an error message and fails
> to come up.
> Now the question is, what is the proper way of doing NAT through a
> Linux box? I have enabled IP forwarding, by the way.
>
> Thanks in advance
> William

You may want to look at the Linux IP Masquerade Howto.
http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
It walks you through the process with examples.
YMMV.

Many people like Shorewall and other tools.

Meng


--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
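
The quoted question puts the SNAT rule into /etc/sysconfig/iptables next to the filter-table REJECT line. That file is in iptables-save format: every table is its own "*name ... COMMIT" block, and the filter table has no POSTROUTING chain, so iptables-restore rejects the rule and the whole ruleset fails to load. The script below is an added example, not code from the original thread or from the HOWTO Meng points to: it shows the correct two-table layout for the addresses in the question, the quoted layout for contrast, and a small awk lint that catches the wrong-table mistake before the rules are ever loaded. The internal interface name eth1 and the filter rules are assumptions; the nat rule also adds a -s match so only the internal network is rewritten. Note that the filter table's FORWARD chain must let the 10.0.0.0/24 traffic through as well, or the packets are rejected before they ever reach POSTROUTING.

```shell
#!/bin/sh
# Added example, not code from the original thread.  It shows the layout that
# /etc/sysconfig/iptables (iptables-save format, loaded by the RHEL/CentOS
# iptables init script through iptables-restore) expects: each table gets its
# own "*table ... COMMIT" block, and a nat-table rule such as -A POSTROUTING
# must sit under *nat, never under *filter.  The network (10.0.0.0/24), the
# external address (192.168.2.1) and eth0 come from the quoted question; the
# internal interface eth1 and the filter rules are assumptions.

# A working ruleset: SNAT only the internal network (the quoted rule had no
# -s match, so it rewrote everything leaving eth0), and open the FORWARD chain
# just wide enough for that traffic and its replies.
good_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 192.168.2.1
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -s 10.0.0.0/24 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# The layout from the quoted question: the POSTROUTING rule dropped into the
# *filter block, which declares no POSTROUTING chain, so iptables-restore
# fails and none of the rules load.
bad_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# lint_rules: pre-flight check for a hand-edited iptables-save file read on
# stdin.  It tracks the current *table block and the chains that block
# declares (":NAME POLICY [pkts:bytes]" lines) and reports every -A/-I rule
# that names an undeclared chain or sits outside any block.  Exit status 1 on
# any problem, 0 if the structure is sound.  It checks structure only;
# whether the rules do what you want is still your job.
lint_rules() {
awk '
/^#/        { next }                               # comments are ignored
/^\*/       { table = substr($0, 2); next }        # "*nat", "*filter", ...
/^:/        { chains[table, substr($1, 2)] = 1; next }
/^COMMIT$/  { table = ""; next }
/^-[AI] /   {
    if (table == "") {
        print "rule outside any *table block: " $0; bad = 1; next
    }
    if (!((table, $2) in chains)) {
        print "chain " $2 " is not defined in table " table ": " $0; bad = 1
    }
}
END { exit bad ? 1 : 0 }
'
}

# Demonstration: the correct layout passes, the quoted layout is reported.
good_rules | lint_rules && echo "good_rules: structure OK"
bad_rules  | lint_rules || echo "bad_rules: rejected, as iptables-restore would"
```

To install on a RHEL/CentOS box, write the output of good_rules to /etc/sysconfig/iptables and run `service iptables restart`; the linter only needs awk and no root, so it can be run on the file before touching the live firewall. IP forwarding still has to be on (net.ipv4.ip_forward = 1 in /etc/sysctl.conf), as the question already noted.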

