Re: One-to-one NAT iptables!

Author: Eric "Shubes"
Date:  
To: plug-discuss
Subject: Re: One-to-one NAT iptables!
Sanjay Darisi wrote:

> I'm not good at Iptables in Linux. I am trying to configure one-to-one
> NAT on my Linux gateway, unsuccessful so far. How do I do that?? Here is
> the scenario
>
> eth2 - External interface
> eth0 - Internal interface
>
> Let's say I want to route (NAT) a virtual IP of 67.155.x.x to
> 192.168.1.10 for smtp service (in fact for all services). How do I do
> that using iptables??
>
> Thanks a lot,
> Sanjay.

You're not alone with iptables. It can be somewhat intricate. This is a
question very few people could answer off hand.

For learning the iptables nitty gritty, http://netfilter.org is the home
page for iptables. It contains FAQs, HOWTOs, and Tutorials.

For front-end tools that make iptables more user (and admin) friendly,
check out FireStarter at http://www.fs-security.com/ and/or Firewall
Builder at http://www.fwbuilder.org. If you go this route, please let us
know how you liked the tool(s).

In an attempt to answer your question, the command:
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth2 -j MASQUERADE
would masquerade your entire private LAN (all 192.168.1.0/24 addresses)
behind the ip address of the eth2 device. For a single private ip
address (one-to-one), simply specify the address (e.g. 192.168.1.10).
Why you'd want to do that though is beyond me.

HTH
-- 
-Eric 'shubes'
"There is no such thing as the People;
  it is a collectivist myth.
  There are only individual citizens
  with individual wills
  and individual purposes."
-William E. Simon (1927-2000),
     Secretary of the Treasury (1974-1977)
  "A Time For Truth" (1978), pg. 237



---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
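
For reference, an added example that is not part of the original message: a shell function that emits a DNAT/SNAT rule pair for the one-to-one mapping asked about in the question, plus FORWARD rules that admit only the listed TCP ports. The function names, the placeholder address 203.0.113.10 (standing in for the elided 67.155.x.x) and the default-DROP FORWARD policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit (not apply) rules for one-to-one NAT of one public IP.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Args: external-if internal-if public-ip private-ip [tcp-ports, default 25]
one_to_one_nat_rules() {
    ext_if=$1 int_if=$2 pub=$3 priv=$4 ports=${5:-25}
    for ifname in "$ext_if" "$int_if"; do
        case "$ifname" in ''|*[!A-Za-z0-9._-]*)
            echo "bad interface name" >&2; return 1 ;; esac
    done
    is_ipv4 "$pub" && is_ipv4 "$priv" || { echo "bad IPv4 address" >&2; return 1; }
    case "$ports" in ''|*[!0-9,]*) echo "bad port list" >&2; return 1 ;; esac
    cat <<EOF
# The gateway must answer for the public address on the external interface.
ip addr add $pub/32 dev $ext_if
# Inbound: rewrite destination public -> private.
iptables -t nat -A PREROUTING -i $ext_if -d $pub -j DNAT --to-destination $priv
# Outbound: the private host always leaves as the same public address.
iptables -t nat -A POSTROUTING -o $ext_if -s $priv -j SNAT --to-source $pub
# Filtering (assumes FORWARD policy is DROP): replies, listed ports in, host out.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ext_if -o $int_if -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $int_if -o $ext_if -s $priv -j ACCEPT
EOF
}

# 203.0.113.10 is a documentation-range placeholder for the elided 67.155.x.x.
one_to_one_nat_rules eth2 eth0 203.0.113.10 192.168.1.10 25
```

Review the emitted lines before running them as root; widen the fifth argument only to ports the internal host must actually expose.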