[KLUG Members] iptables NAT problem
John Pesce
pescej at sprl.db.erau.edu
Wed Jun 30 13:02:33 EDT 2004
On Wed, 2004-06-30 at 10:48, Phillip Hofmeister wrote:
> On Wed, 30 Jun 2004 at 10:34:20AM -0400, John Pesce wrote:
> > Hi all,
>
> Hello
> > eth0 192.168.3.1
> > eth1 10.7.35.2
> > eth2 192.168.2.1
> >
> > It sounds like I should setup some kind of NAT POSTROUTE to rewrite the
> > source address on packets leaving the eth1 interface destined for 224.*
> > to a source IP of eth1 ?
>
>
> The NAT Table sounds like the best approach. Try:
>
> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/22 -j MASQUERADE
>
Hmm. It doesn't seem to do anything.
Here is my iptables config currently:
[root@rts sysconfig]# iptables -L -v -n
Chain INPUT (policy ACCEPT 24 packets, 1560 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 460 packets, 78004 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 16 packets, 1548 bytes)
pkts bytes target prot opt in out source destination
[root@rts sysconfig]# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 24 packets, 1946 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
When I do that I get:
[root@rts sysconfig]# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 268 packets, 22084 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 76 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * eth1 192.168.0.0/22 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
pkts bytes target prot opt in out source destination
Running ethereal on a computer on the 10.7.35.0 subnet, I still see the
192.168.* source addresses.
I even tried this without success:
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/16 -d 224.5.0.0/16 -j SNAT --to 10.7.35.2
> That one iptable entry will MASQ any address between 192.168.0.0 and
> 192.168.3.255. Make sure the proper entries in the FORWARD chain are
> set up to allow traffic from eth0 and eth2 to get to eth1.
>
> HTH,
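
Added example, not part of the original message: a small Python parser for the `iptables -L -v -n -t nat` listing posted above, which reports every rule whose packet counter is still 0 and which of the router's interface addresses its source range covers. It shows that the MASQUERADE rule's `-s 192.168.0.0/22` does cover the eth0 and eth2 addresses, yet no packet has matched the rule. The function names are made up for this example; the listing and addresses are copied from the message.

```python
import ipaddress

# Second nat listing from the message, stored with the "destination" column
# wrapped onto its own line (as archived mail often is); the parser re-joins it.
LISTING = """\
Chain PREROUTING (policy ACCEPT 268 packets, 22084 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 1 packets, 76 bytes)
pkts bytes target prot opt in out source
destination
0 0 MASQUERADE all -- * eth1 192.168.0.0/22
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
pkts bytes target prot opt in out source
destination
"""
KEYS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination")

def parse_rules(listing):
    """Return one dict per rule, re-joining rows whose last column wrapped."""
    rules, chain, pending = [], None, None
    for line in listing.splitlines():
        fields = line.split()
        if line.startswith("Chain "):
            chain, pending = fields[1], None
        elif not fields or fields[0] in ("pkts", "destination"):
            continue  # blank line or (wrapped) column header
        elif pending is not None:
            pending["destination"] = fields[0]  # wrapped tail of previous rule
            pending = None
        else:
            rule = dict(zip(KEYS, fields), chain=chain)
            rule["pkts"] = int(fields[0])  # plain integers; list with -x for exact counts
            rules.append(rule)
            pending = rule if len(fields) < len(KEYS) else None
    return rules

def zero_hit_report(listing, addrs):
    """For each rule no packet has matched, list the addrs its -s range covers."""
    return [(r["chain"], r["target"], r["out"],
             [a for a in addrs if ipaddress.ip_address(a) in ipaddress.ip_network(r["source"])])
            for r in parse_rules(listing) if r["pkts"] == 0]

if __name__ == "__main__":
    # eth0, eth1 and eth2 addresses as given in the message
    print(zero_hit_report(LISTING, ["192.168.3.1", "10.7.35.2", "192.168.2.1"]))
```

A rule that stays at 0 packets while the chain's policy counter moves means traffic is passing through the chain without matching that rule, so the counters are the first thing to read before changing the rule itself.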