MASQUERADE only one interface

GeoSava · 12-17-2005, 05:46 AM

Hello to all i am almost new in Linux but i have managed to install a slackware distribution in my old Celeron.

I want to use this Linux Box as a router in my network but i have a little problem.

The PC has 3 ethernet adapters.

Two simple ethernet and one wireless ethernet.
They are all working properly.

Its ethernet is a different subnet.

Till now i have working using iptables with the command:

iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE

EXTERNAL is my eth0

to enable NAT and share internet form may main subnet where the proxy is located to the other two subnets....

I want to ask if there is a way to route one subnet without NAT and enable NAT only to the other subnet??

Thanxs!!!

acid_kewpie · 12-17-2005, 08:37 AM

just use a -i eth1 as well. so rather than just stating where the traffic is heading, you state where it came from too.

GeoSava · 12-19-2005, 05:41 AM

Thanxs for your answer

I have tried to do that but it seems that i am doing something wrong.

Can you help me with the command syntax??

acid_kewpie · 12-19-2005, 09:33 AM

help with what? just do the exact same command but adding the -i option too.

GeoSava · 12-20-2005, 05:16 AM

I have tryied to execute the command

iptables -t nat -A POSTROUTING -o eth0 -i wlan0 -j MASQUERADE

and i take an error message that i cannot use the -i option in the POSTROUTING Chain.

If i use PREROUTING Chain i cannot use the -o option.

I have understand what you say: something like that
iptables -A FORWARD -o eth0 -i wlan0 -j ACCEPT
which works but it does not work with the "-t nat" option and POSTROUTING.

Can you try it yourself and possibly find a solution?

Thank you very much.

roopunix · 12-20-2005, 05:32 AM

ptables -t nat -A POSTROUTING -i wlan0 - eth0 -j MASQUERADE

GeoSava · 12-20-2005, 07:25 AM

Quote:

iptables -t nat -A POSTROUTING -i wlan0 - eth0 -j MASQUERADE

I will try this when i get at home!!! But i beleive that the answer will be again that i cannot use the "-i option" with the POSTROUTING Chain of iptables.

Thanxs for the recommendation. I will give feedback.

SirGertrude · 12-20-2005, 08:13 PM

You cannot use the "-i" option in the postrouting chain because after routing there will not be an incoming interface to associate with. Are you sure you want to route one network and masquerade another? If you do not have public IP's on the routed network it will not do you any good to route it... unless you have a more complex network scheme we don't know about. Assuming you really want to route one network you will want to use the "-s" option with iptables to define the source network to masquerade. Example:

Code:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

This will masquerade the entire 192.168.1.0 network and everything else will be routed.

GeoSava · 02-03-2006, 09:36 AM

Thanxs SirGertrude your command work just fine.....

Sorry I haven't replay all this time. My router works fine for about 2-3 months now.

:-) :-D