Hello Guys,

i have some problem Nating and i hope some dude out there have a solution. This is urgent and i am looking for some help immediately

I have a Linux(7.3) box with two NIC and working like a gateway

NIC 1 - 10.8.1.91

NIC 2 - 10.6.1.91

i have one linux box with ip 10.6.1.100 connected to NIC 2 and some machines conected to 10.8.1.91 network connected via switch. I have routed packets from 10.8.1.X network to 10.6.1.100 machine...

Now since routing is working fine i assume routing is proper.


Problem Defination.
I want no-one to see 10.6.1.91 machine and there is need for nating...(i assume) going through some site i tried to add following to my iptable nating

NATing Table
iptables -t nat -A PREROUTING -i eth0 -d 10.8.1.251/255.255.255.0 -j DNAT --to 10.6.1.100
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 10.8.1.251

i dont know what is the problem but nating fails all from 10.8.X.X network can ping to my maching without nating...how can i configure this setup

Routing Information

route add -net 10.6.1.0 netmask 255.255.255.0 gw 10.8.1.91 dev eth0
route add -net 10.8.1.0 netmask 255.255.255.0 gw 10.6.1.91 dev eth1
route add -net 10.8.1.0 netmask 255.255.255.0 gw 10.8.1.91 dev eth0
route add -net 10.6.1.0 netmask 255.255.255.0 gw 10.6.1.91 dev eth1
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.8.1.70 dev eth0
route add -host 196.1.114.240 gw 10.8.1.1 dev eth0


comment--here 196.1.114.240 is my external interface for internet

Regards,
Gautm Pagedar

The pinging probably works because you've add all those routes which if you're doing NAT you won't have to do, so reboot and don't put them in again (though keep a copy)

Assuming the object is to get from 10.8.1.x to 10.6.1.00

Assuming: 10.8.1.91 is eth0 static IP, subnet mask set, don't set a gateway

Assuming: 10.6.1.91 is eth1 static IP, subnet mask set, set a gateway to 10.6.1.100 for eth1 if that's the route to the internet or somewhere else, otherwise you need
not bother

activate ip forwarding first

echo 1 > /proc/sys/net/ipv4/ip_forward

Oops I've read what you want to do wrong methinks.


iptables -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 10.6.1.91 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 10.8.1.91 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -s 10.8.1.0/24 -j ACCEPT

iptables -A INPUT -p ALL -d 10.6.1.91 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED, RELATED -j ACCEPT

iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 10.6.1.91 -j ACCEPT
iptables -A OUTPUT -p ALL -s 10.8.1.91 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 10.6.1.91


That's quite a long hand way but the way I prefer, no doubt I've made a typing error somewhere but....

thanxs for the info ....but i am still confused n would appreciate if i can get ur email id on which i can send u a diagram of my network so that u can get a clear picture of my problem

It's probaby better for you if you post it on here as you'll have the benefit of a whole lot of other people who if I'm not able to help they probably will be able to

Many hands make light work and they'll be able to scrutinize, if you're doing a diagram stick it in-between [ code ] [ /code ] tags(without the spaces in the brackets) so it keeps it's shape

i have a questions about Ip table What is Ip table please send me detail type of ip table

welcome to LQ!!!

these links will show you what iptables is:

http://www.netfilter.org/projects/iptables/index.html

http://en.wikipedia.org/wiki/Iptables

but please don't hijack people's threads like this... you should open your own thread in the newbie forum after having searched and confirmed your question hasn't already been answered... good luck!!!