[KLUG Members] iptables NAT problem

John Pesce pescej at sprl.db.erau.edu
Wed Jun 30 13:02:33 EDT 2004


On Wed, 2004-06-30 at 10:48, Phillip Hofmeister wrote:
> On Wed, 30 Jun 2004 at 10:34:20AM -0400, John Pesce wrote:
> > Hi all,
> 
> Hello
> > eth0 192.168.3.1
> > eth1 10.7.35.2
> > eth2 192.168.2.1
> > 
> > It sounds like I should setup some kind of NAT POSTROUTE to rewrite the
> > source address on packets leaving the eth1 interface destined for 224.*
> > to a source IP of eth1 ?
> 
> 
> The NAT Table sounds like the best approach.  Try:
> 
> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/22 -j MASQUERADE
> 

Hmm, it doesn't seem to do anything.

here is my iptables config currently:

[root@rts sysconfig]# iptables -L -v -n
Chain INPUT (policy ACCEPT 24 packets, 1560 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 460 packets, 78004 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 16 packets, 1548 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@rts sysconfig]# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 24 packets, 1946 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

When I do that I get:

[root@rts sysconfig]# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 268 packets, 22084 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 1 packets, 76 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      eth1    192.168.0.0/22       0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
 pkts bytes target     prot opt in     out     source               destination



Running Ethereal on a computer on the 10.7.35.0 subnet, I still see the
192.168.* source addresses.



I even tried this without success:

iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/16 -d 224.5.0.0/16 -j SNAT --to 10.7.35.2




> That one iptables entry will MASQ any address between 192.168.0.0 and
> 192.168.3.255.  Make sure the proper entries in the FORWARD chain are
> set up to allow traffic from eth0 and eth2 to get to eth1.
> 
> HTH,

