LinuxQuestions.org
04-10-2010, 09:39 AM   #1
evilted (Member, Distribution: centos)
iptables nat problem bouncing through interfaces

I have 2 interfaces (only one WAN facing) with public IP addressing. When I NAT to the outside network, inside routed networks work fine, but when I NAT to the inside interface the routed networks no longer work. That is to say, when I NAT to an inside IP, I appear NATted, and not routed, to the routed IP.

My question relates to iptables: how do I say 'NAT everything but the routed networks'?

I have found that -d ! x.routed.1.x/x works, but I would like to write the rule so that it says -d ! x.routed.1.x/x + x.routed.2.x/x

Can anyone shed some light?

NAT outside, working routed net:
Code:
iptables -t nat -A POSTROUTING -i x.outside.eth.x -s 192.x.x.x/x -j SNAT --to x.outside.eth.ip

This works and I get 1 routed network (I have to drop the -i to make it work - why?):
Code:
iptables -t nat -A POSTROUTING -s 192.x.x.x/x -d ! x.routed.1.x/x -j SNAT --to x.inside.eth.ip

I would like something like this:
Code:
iptables -t nat -A POSTROUTING -s 192.x.x.x/x -d ! x.routed.1.x/x + x.routed.2.x/x \
-j SNAT --to x.inside.eth.ip

Thanks in advance.
 
04-10-2010, 10:29 AM   #2
troop (Member, Distribution: gentoo, arch, fedora, freebsd)
Your rules are not clear. Do you have 192.x.x.x/x in both the outside and the inside networks?
Why not use -o?
You can use the `-j ACCEPT' target to let a connection through for x.routed.1.x/x and x.routed.2.x/x without any NAT taking place.
Or try chains.

 
04-10-2010, 11:42 AM   #3
evilted (Original Poster, Distribution: centos)
Quote: Originally Posted by troop
Your rules are not clear. Do you have 192.x.x.x/x in both the outside and the inside networks?
Inside.

Quote: Originally Posted by troop
Why not use -o?
You can use the `-j ACCEPT' target to let a connection through for x.routed.1.x/x and x.routed.2.x/x without any NAT taking place.
Or try chains.
My bad, I meant -o; -i is DNAT.

So there's no 'simple' way? I have to write individual rules for all the networks? This is the only rule I have in iptables.

I guess I'm really asking how to put 'and' in iptables: -d ! x + x
 
04-10-2010, 02:06 PM   #4
TimothyEBaldwin (Member)
There is no AND operator; you need multiple rules:
Code:
iptables -t nat -N MYCHAIN
iptables -t nat -A MYCHAIN -d x.routed.1.x/x -j RETURN
iptables -t nat -A MYCHAIN -d x.routed.2.x/x -j RETURN
iptables -t nat -A MYCHAIN -s 192.x.x.x/x -j SNAT --to x.inside.eth.ip
iptables -t nat -A POSTROUTING -j MYCHAIN
Am I correct in saying that you have subnets with public IP addresses on both sides of the router under discussion, and that NAT should only apply to traffic between the subnet with private IP addresses and the Internet, not between your subnets?
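The following is an added example, not code from the thread, that generalizes the custom-chain approach in post #4 to any number of routed networks and addresses the two side questions in post #1. Two points it relies on: the nat POSTROUTING chain runs after the routing decision, so iptables refuses `-i` there (it prints "Can't use -i with POSTROUTING"), which is why the OP had to drop it, and `-o` is the correct match; and iptables negation (`!`) applies to exactly one match, so there is no `-d ! A + B` form. One RETURN rule per excluded destination, placed ahead of the SNAT rule, is the portable way to say "NAT everything but these". The interface name, the SNAT address and all networks below are assumed placeholders drawn from the RFC 5737 documentation ranges, not the OP's real values. The script prints the rules rather than applying them, so it can be reviewed, and run without root, first.

```shell
#!/bin/sh
# Added example (not from the thread): generate the nat POSTROUTING rule set
# from post #4 for any number of routed networks. Interface name and addresses
# are assumed placeholders (RFC 5737 documentation ranges), not the OP's.
INSIDE_IF=eth1                  # assumed: interface facing the public inside networks
INSIDE_IP=203.0.113.1           # assumed: public address on $INSIDE_IF used for SNAT
PRIVATE_NET=192.168.10.0/24     # assumed: the RFC 1918 network that needs NAT
ROUTED_NETS="198.51.100.0/24 203.0.113.128/25"   # assumed: public subnets reached via $INSIDE_IF
CHAIN=NAT_INSIDE

# gen_rules prints the commands instead of running them so the result can be
# reviewed first; apply with: gen_rules | sudo sh
gen_rules() {
    echo "iptables -t nat -N $CHAIN"
    # One RETURN per routed network: leaves the chain without any NAT, so the
    # packet keeps its 192.168.x source and is plainly routed to that subnet.
    for net in $ROUTED_NETS; do
        echo "iptables -t nat -A $CHAIN -d $net -j RETURN"
    done
    # Everything else from the private network that exits $INSIDE_IF is SNATed.
    echo "iptables -t nat -A $CHAIN -s $PRIVATE_NET -j SNAT --to-source $INSIDE_IP"
    # POSTROUTING runs after the routing decision, so -o (not -i) is the match.
    echo "iptables -t nat -A POSTROUTING -o $INSIDE_IF -j $CHAIN"
}

# Sanity check before applying: every routed network must appear as a RETURN
# rule ahead of the SNAT rule. Returns 0 if so, 1 otherwise.
check_rules() {
    rules=$(gen_rules)
    snat_line=$(printf '%s\n' "$rules" | grep -n -- '-j SNAT' | cut -d: -f1)
    for net in $ROUTED_NETS; do
        ret_line=$(printf '%s\n' "$rules" | grep -n -- "-d $net -j RETURN" | cut -d: -f1)
        [ -n "$ret_line" ] && [ "$ret_line" -lt "$snat_line" ] || return 1
    done
    return 0
}

gen_rules
```

Two caveats a practitioner should keep in mind. RETURN hands the packet back to POSTROUTING, where evaluation continues, so a later catch-all SNAT or MASQUERADE rule on the same interface would still NAT the routed traffic; keep the jump to this chain as the only NAT rule for that interface, or put it first. Newer iptables also warns that the intrapositioned form `-d ! x` is deprecated in favour of `! -d x`, which is what the generated rules use. After applying, `iptables -t nat -L NAT_INSIDE -v -n` shows per-rule packet counters, so hits on the RETURN rules confirm the exclusions are matching; if ipset is available on the box, the same policy collapses to a single rule using `-m set ! --match-set <setname> dst` in place of the RETURN list.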
 