IP MASQ help
I am looking for a solution using IP MASQ with RedHat 9.0 where I can masquerade all IP packets destined for other networks except for the packets destined for the 172.16.0.0/24 network. The packets destined for the 172.16.0.0 net should just be routed normally. I'm very new to iptables; can anyone let me know if this is possible and, if so, where to start?
thanks |
to masquerade all forwarded packets exiting eth0, except those going to 172.16.0.0/24:
Code:
# the negation goes before the option; "-d ! ..." is the old placement, rejected by current iptables
iptables -t nat -A POSTROUTING -o eth0 ! -d 172.16.0.0/24 -j MASQUERADE |
What I meant by routed normally is that the packets are routed without modification. The setup looks something like the following:
(10.0.0.0 network)-[linux router]-(172.16.0.0 network)-[internet router]-(internet)
Hosts on the 10.0.0.0 network need to access printers and servers on the 172.16.0.0 network and also have internet access. I can't modify the routing tables on the internet router to put a route to the 10.0.0.0 network, so I was planning on using NAT for the 10.0.0.0 network through 172.16.0.254 on the linux router |
Seems to me that by doing a simple NAT on [linux router] everything would be fine... I mean, packets coming from 10.0.0.0 will be NATed by [linux router] and they will look like they came from 172.16.0.0 anyway... so connecting to the servers on 172.16.0.0 from 10.0.0.0 would be a non-issue... the same goes for the internet access, as the packets coming from 10.0.0.0 would look like they were coming from 172.16.0.0 to [internet router]...
If the external interface on [linux router] has a static IP, don't use MASQUERADING, use NAT instead... if I understand what you are trying to do, then it would seem to me like you wouldn't need to have a POSTROUTING exception for packets going to 172.16.0.0... |
what would be the best way to use simple NAT?
|
Quote:
Code:
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 172.16.0.254
Code:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Code:
iptables -P FORWARD DROP |
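A complete ruleset for the topology in this thread, added here as an example and not any poster's own script. It assumes 10.0.0.0/24 is on eth0, 172.16.0.0/24 is on eth1 with the Linux router at 172.16.0.254 (static, hence SNAT rather than MASQUERADE), and adds a dry-run hook (IPT=dry_run) so the rules can be checked without root or iptables.

```shell
#!/bin/sh
# Added example for the topology in this thread, not any poster's script.
# Assumptions: 10.0.0.0/24 is on eth0, 172.16.0.0/24 is on eth1, and the
# Linux router's eth1 address is 172.16.0.254 (a static address, so SNAT
# rather than MASQUERADE). Set IPT=dry_run to print rules instead of
# applying them, which needs neither root nor iptables.
IPT="${IPT:-iptables}"
LAN_IF=eth0
LAN_NET=10.0.0.0/24
OUT_IF=eth1
OUT_ADDR=172.16.0.254

dry_run() { echo "iptables $*"; }

apply_nat_rules() {
    # Start from a clean slate in the chains this script owns.
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING
    # Default deny for transit traffic; only the rules below open paths.
    $IPT -P FORWARD DROP
    # Replies to connections the LAN opened are let back in by the state
    # match (-m conntrack --ctstate is the equivalent on current systems).
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections may only be opened from the LAN towards eth1.
    $IPT -A FORWARD -i "$LAN_IF" -o "$OUT_IF" -s "$LAN_NET" -j ACCEPT
    # Rewrite the source of everything the LAN sends out of eth1 to the
    # router's own 172.16.0.254. Servers on 172.16.0.0/24 answer to that
    # address, so no exception for that network is needed, as noted above.
    $IPT -t nat -A POSTROUTING -o "$OUT_IF" -s "$LAN_NET" \
        -j SNAT --to-source "$OUT_ADDR"
}

# Render the ruleset without touching the kernel; used to check it.
render_rules() { (IPT=dry_run; apply_nat_rules); }

# Number of iptables invocations the ruleset makes.
rule_count() { render_rules | grep -c '^iptables '; }

# Only change the running system when asked to explicitly, as root.
if [ "${1:-}" = apply ]; then
    sysctl -w net.ipv4.ip_forward=1
    apply_nat_rules
fi
```

Run `sh nat.sh` to print the rules for review and `sh nat.sh apply` (as root) to load them.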