LinuxQuestions.org
Old 05-05-2011, 11:26 AM   #1
linux_biao
LQ Newbie
 
Registered: Apr 2011
Posts: 22

Rep: Reputation: 0
some problems about nat in the iptables


I tried to do a job with NAT in iptables! I want to achieve the effect that if a source IP from the intranet wants to access the networks outside, it must be changed!
For example, the source IP is 192.168.1.2 and the destination IP is 192.168.2.1; if the source IP wants to access 192.168.2.1, it must become 192.168.2.2 or another address!

And my problem is here! When 192.168.2.2 has no corresponding MAC address, 192.168.1.2 can't access 192.168.2.1! It seems normal, because 192.168.2.1 can't find the MAC address of 192.168.2.2! And I want to know: must the changed IP of the NAT have a corresponding MAC address?
If it must, and if the changed IP is an IP range (e.g. 192.168.2.1--192.168.2.10), must each of those IPs have a corresponding MAC address? That would be a troublesome thing!

Sorry, my English is so bad! I hope that you can understand what I said! I look forward to your reply! Thank you!
 
Old 05-06-2011, 11:23 AM   #2
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Rep: Reputation: 51
Hi,

It sounds like you should look into masquerading / mangle.

You can do what you're wanting a few ways.

Code:
    iptables -t nat -A POSTROUTING -o <your interface> -j MASQUERADE
The above would take everything behind your NAT box and apply its IP address to it. So, if your NAT box had an interface on the same subnet as your destination, it changes the SOURCE IP. However, it will only change it to the IP of the interface sitting on the same subnet as the destination / interface.

The other way:

Using Mangle
Code:
    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.1-192.168.2.10
That would take all traffic OUTBOUND on eth0 and mangle it to be whatever IP range you wish to have. You're going to need to use a few more rules though. The above example does not cover everything you will need to do. You should look into DNAT and SNAT.

Hope it helps.
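
Added example, not part of either post: when a SNAT pool sits on the subnet directly attached to the outbound interface, the NAT box itself has to answer ARP for every pool address, which is why 192.168.2.1 could not reach an unassigned 192.168.2.2. The sketch below only prints the commands for review; the interface name, prefix length, pool bounds and the function name `snat_pool_plan` are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run: prints the commands, runs none.
# Assumed values: interface eth0, a /24 network, a constructed pool of addresses.

# snat_pool_plan IFACE FIRST LAST PREFIXLEN
# FIRST and LAST must share their first three octets (pool inside one /24).
snat_pool_plan() {
    iface=$1 first=$2 last=$3 plen=$4

    net=${first%.*}     # network part, e.g. 192.168.2
    lo=${first##*.}     # first host octet, e.g. 2
    hi=${last##*.}      # last host octet, e.g. 4

    # Reject pools that cross the third octet.
    if [ "$net" != "${last%.*}" ]; then
        echo "error: pool must stay within one /24" >&2
        return 1
    fi
    # Reject empty or non-numeric host octets.
    for o in "$lo" "$hi"; do
        case "$o" in
            ''|*[!0-9]*) echo "error: bad host octet" >&2; return 1 ;;
        esac
    done
    # Reject reversed or out-of-range bounds.
    if [ "$lo" -lt 1 ] || [ "$hi" -gt 254 ] || [ "$lo" -gt "$hi" ]; then
        echo "error: invalid pool bounds" >&2
        return 1
    fi

    # One address per pool member on the interface, so the kernel
    # replies to ARP requests for it and return traffic can be delivered.
    i=$lo
    while [ "$i" -le "$hi" ]; do
        echo "ip addr add $net.$i/$plen dev $iface"
        i=$((i + 1))
    done

    # A SNAT address range is written FIRST-LAST; a colon introduces ports.
    echo "iptables -t nat -A POSTROUTING -o $iface -j SNAT --to-source $first-$last"
}

# Constructed sample pool: 192.168.2.2 through 192.168.2.4 on eth0.
snat_pool_plan eth0 192.168.2.2 192.168.2.4 24
```

With MASQUERADE this step is unnecessary, because the only translated address is the one the interface already holds.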
 
  

