[KLUG Members] iptables NAT problem

[Nikolas Reist]

John Pesce wrote:

>Hi all,
>
>I'm rather new to iptables and I have a new problem I can't figure out
>from the howtos I've run across.
>
>1) Is there a current detailed description/howto for iptables?
>  
>
http://www.netfilter.org/documentation/

>2) here is my situation
>
>I have a linux box with three interfaces
>
>eth0 192.168.3.1
>eth1 10.7.35.2
>eth2 192.168.2.1
>
>I'm running PIMd on it to route multicast traffic between the subnets.
>
>Also on the 10.7.35.0 subnet is another multicast/PIMd aware router that
>is part of another external private multicast network made up of other
>10.7.* subnets. The routers on those subnets are only aware of the
>10.7.* subnets and have access lists only for 10.7. traffic.
>
>My problem is that multicast traffic coming from my 192.168.* subnets
>don't have 10.7.* source addresses and are dropped by the 10.7.* routers
>
>I need my 192.168.* sourced multicast traffic to be distributed on that
>private 10.7.* multicast network.
>
>How can I change my 192.168.* packet source addresses to look like they
>are coming from my linux PIMd router, say 10.7.35.1 without messing up
>PIMd?
>
>It sounds like I should setup some kind of NAT POSTROUTE to rewrite the
>source address on packets leaving the eth1 interface destined for 224.*
>to a source IP of eth1 ?
>
>Is this reasonable? Is there a better way?
>
>Thanks
>  
>
In my experience (and thanks to the users' group) shorewall helps me 
accomplish this marvelously and is configurable from a console.  
http://shorewall.net

>_______________________________________________
>Members mailing list
>Members at kalamazoolinux.org
>
>
>  
>