IP Forwarding with IP tables
Gary Stainburn
gary.stainburn at ringways.co.uk
Thu Oct 13 22:04:59 UTC 2005
On Thursday 13 October 2005 7:04 pm, Rodolfo Alcazar wrote:
> On Thu, 2005-10-13 at 17:55 +0100, Gary Stainburn wrote:
> > Hi folks.
> > probably a FAQ but I'm struggling.
> > I have an internet connection linked to eth1 and a LAN connected to
> > eth0 I want to set up simple 1-to-1 NATing thus:
> >
> > x.y.z.141 == 10.1.1.141
> > x.y.z.142 == 10.1.1.142
> > x.y.z.143 == 10.1.1.143
>
> first of all, setup the interfaces. if your external interface is
> eth1, as you said, using your numbers:
>
> ifconfig eth1:1 x.y.z.141 netmask 255.255.255.248
> ifconfig eth1:2 x.y.z.142 netmask 255.255.255.248
> ifconfig eth1:3 x.y.z.143 netmask 255.255.255.248
>
> now, the incoming tables:
>
> -A PREROUTING -d x.y.z.141 -j DNAT --to-destination 10.1.1.141
> -A PREROUTING -d x.y.z.142 -j DNAT --to-destination 10.1.1.142
> -A PREROUTING -d x.y.z.143 -j DNAT --to-destination 10.1.1.143
>
> same for outgoing,
>
> -A POSTROUTING -s 10.1.1.141 -j SNAT --to-source x.y.z.141
> -A POSTROUTING -s 10.1.1.142 -j SNAT --to-source x.y.z.142
> -A POSTROUTING -s 10.1.1.143 -j SNAT --to-source x.y.z.143
>
> cheers
Thanks for that.
Worked fine once I'd found the other problem I had which was that I was
using a linux box to emulate the box that's going to be on the .141
address, and I did that by adding eth0:1 on that box
The problem was of course that the ip address the packets were coming
from where the eth0 address which failed the rules.
Now everything's tidy, it works for both incoming and outgoing
connections.
Cheers
Gary
--
Gary Stainburn
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
More information about the fedora-list
mailing list