LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-07-2010, 11:02 AM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Rep: Reputation: 30
change to snat


I have an issue on my server whereby I connect to xx.xxx.xxx.199 via VPN.
However, on viewing my IP address at the client it says it is xx.xxx.xxx.198, which is the main IP address of the server and probably send the reply out on that address as that is the main eth0.

How can I change this in iptables to make sure that that doesn;t happen and that the reply comes out on 199?

:OUTPUT ACCEPT [8:3135]
-A PREROUTING -d xx.xxx.xxx.199 -p tcp -m tcp --dport 443 -j DNAT --to-destination xx.xxx.xxx.199:1194
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j MASQUERADE
 
Old 08-08-2010, 11:02 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376Reputation: 376Reputation: 376Reputation: 376
Quote:
Originally Posted by qwertyjjj View Post
I have an issue on my server whereby I connect to xx.xxx.xxx.199 via VPN.
However, on viewing my IP address at the client it says it is xx.xxx.xxx.198, which is the main IP address of the server and probably send the reply out on that address as that is the main eth0.

How can I change this in iptables to make sure that that doesn;t happen and that the reply comes out on 199?

:OUTPUT ACCEPT [8:3135]
-A PREROUTING -d xx.xxx.xxx.199 -p tcp -m tcp --dport 443 -j DNAT --to-destination xx.xxx.xxx.199:1194
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j MASQUERADE
Specify the IP, like:
Code:
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j SNAT --to-source xx.xxx.xxx.199
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j SNAT --to-source xx.xxx.xxx.199
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Snat ashlesha Linux - Networking 4 08-24-2006 06:02 AM
SNAT help cranium2004 Linux - Networking 0 05-09-2005 04:38 AM
SNAT URGENT please TheOne Linux - Security 10 04-28-2004 01:51 PM
what is snat ? spank Linux - Newbie 5 12-15-2003 02:32 PM
snat problem piti Linux - Networking 1 07-15-2003 04:18 AM


All times are GMT -5. The time now is 09:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration