[KLUG Members] iptables NAT problem
Phillip Hofmeister
plhofmei at antiochcomputerconsulting.com
Wed Jun 30 13:52:18 EDT 2004
On Wed, 30 Jun 2004 at 01:02:33PM -0400, John Pesce wrote:
> > > eth0 192.168.3.1
> > > eth1 10.7.35.2
> > > eth2 192.168.2.1
> > >
> > > It sounds like I should setup some kind of NAT POSTROUTE to rewrite the
> > > source address on packets leaving the eth1 interface destined for 224.*
> > > to a source IP of eth1 ?
> Chain POSTROUTING (policy ACCEPT 1 packets, 76 bytes)
> pkts bytes target prot opt in out source destination
> 0 0 MASQUERADE all -- * eth1 192.168.0.0/22 0.0.0.0/0
Here is my NAT Table:
plhofmei at Oneill:~$ sudo iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 24234 packets, 2038K bytes)
 pkts bytes target     prot opt in   out   source            destination
27744 1330K REDIRECT   tcp  --  eth1 any   anywhere          anywhere     tcp dpt:www redir ports 8081
#I Run a blind proxy...what a b*st*rd...

Chain POSTROUTING (policy ACCEPT 106K packets, 7295K bytes)
 pkts bytes target     prot opt in   out   source            destination
 3878  186K MASQUERADE all  --  any  eth0  10.1.0.0/24       anywhere
#My LAN Interface
    0     0 MASQUERADE all  --  any  eth0  192.168.129.0/24  anywhere
# My Zaurus US Interface

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in   out   source            destination
eth0 is my internet interface. Traffic flows and gets MASQ'd to the
internet just fine (as you can see by the counters).
The only things I can think to check are:
Does your kernel have support for the NAT table? (Of course, otherwise
-t nat would not work)
Does your kernel have support for the MASQ target? (Of course, otherwise
-j MASQUERADE would not work)
Beyond that I am not sure if I can help more. Sorry.
--
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
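
The counter check discussed in this message, as an added example that is not part of the original post: given a source address and an outbound interface, it reports which POSTROUTING MASQUERADE rules cover that pair and whether their packet counter has moved. The function names `masq_match` and `sample_listing` are hypothetical, the listing is constructed from the subnets and counters shown in the thread, and only plain interface names and IPv4 CIDR sources in `iptables -t nat -L -v -n` style output are handled.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample in `iptables -t nat -L -v -n` layout, built from the
# subnets and counters that appear in the thread.
sample_listing() {
    cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 106K packets, 7295K bytes)
 pkts bytes target     prot opt in     out     source               destination
 3878  186K MASQUERADE  all  --  *      eth0    10.1.0.0/24          0.0.0.0/0
    0     0 MASQUERADE  all  --  *      eth0    192.168.129.0/24     0.0.0.0/0
    0     0 MASQUERADE  all  --  *      eth1    192.168.0.0/22       0.0.0.0/0
EOF
}

# usage: masq_match <source-ip> <out-iface> < listing
# Prints one line per MASQUERADE rule whose out interface and source
# network cover the given packet: HIT if pkts > 0, UNUSED if pkts is 0.
masq_match() {
    awk -v ip="$1" -v oif="$2" '
        # dotted quad -> integer
        function ip2int(a,    p) {
            split(a, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        # true when addr lies inside cidr (a bare address counts as /32)
        function in_cidr(addr, cidr,    c, bits, size) {
            split(cidr, c, "/")
            bits = (c[2] == "") ? 32 : c[2]
            size = 2 ^ (32 - bits)
            return int(ip2int(addr) / size) == int(ip2int(c[1]) / size)
        }
        $1 == "Chain" { chain = $2; next }
        chain == "POSTROUTING" && $3 == "MASQUERADE" {
            # columns: pkts bytes target prot opt in out source destination
            if (($7 == "*" || $7 == "any" || $7 == oif) && in_cidr(ip, $8))
                printf "%s out=%s src=%s pkts=%s\n", \
                       ($1 == "0" ? "UNUSED" : "HIT"), $7, $8, $1
        }
    '
}

# A host on 192.168.3.0/24 leaving via eth1 is covered by the /22 rule,
# but that rule has not counted a packet.
sample_listing | masq_match 192.168.3.40 eth1
```

On a live system the same function can be fed with `iptables -t nat -L POSTROUTING -v -n | masq_match <source-ip> <out-iface>`.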