[KLUG Members] iptables NAT problem

[Phillip Hofmeister]

On Wed, 30 Jun 2004 at 01:02:33PM -0400, John Pesce wrote:
> > > eth0 192.168.3.1
> > > eth1 10.7.35.2
> > > eth2 192.168.2.1
> > > 
> > > It sounds like I should setup some kind of NAT POSTROUTE to rewrite the
> > > source address on packets leaving the eth1 interface destined for 224.*
> > > to a source IP of eth1 ?
> Chain POSTROUTING (policy ACCEPT 1 packets, 76 bytes)
>  pkts bytes target     prot opt in     out     source              
> destination
>     0     0 MASQUERADE  all  --  *      eth1    192.168.0.0/22      
> 0.0.0.0/0

Here is my NAT Table:

plhofmei at Oneill:~$ sudo iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 24234 packets, 2038K bytes)
 pkts bytes target     prot opt in     out     source
destination 
27744 1330K REDIRECT   tcp  --  eth1   any     anywhere
anywhere            tcp dpt:www redir ports 8081
#I Run a blind proxy...what a b*st*rd...

Chain POSTROUTING (policy ACCEPT 106K packets, 7295K bytes)
 pkts bytes target     prot opt in     out     source
destination 
 3878  186K MASQUERADE  all  --  any    eth0    10.1.0.0/24
anywhere   
#My LAN Interface
    0     0 MASQUERADE  all  --  any    eth0    192.168.129.0/24
anywhere   
# My Zaurus US Interface

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source
destination 

eth0 is my internet interface.  Traffic flows and gets MASQ'd to the
internet just fine (as you can see by the counters).

The only things I can think to check are:

Does your kernel have support for the NAT TAble? (Of course, otherwise
-t nat would not work)

Does you kernel have support for the MASQ Target? (Of course, otherwise
-j MASQUERADE would not work)

Beyond that I am not sure if I can help more.  Sorry.


-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import