LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page IPtables: SNAT & Aliasing
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 01-05-2005, 07:54 PM   #1
kegwell
Member
 
Registered: Feb 2004
Distribution: Gentoo Linux
Posts: 46

Rep: Reputation: 15
IPtables: SNAT & Aliasing

I currently have a running, funtional firewall. I have 1 external interface (eth1). I have aliased/multihomed additional external ips to that interface as well (eth1:eth1a, eth1:eth1b...etc). I have associated a few of the aliased IP's to an interal IP and the routing works fine inbound. For example, if I hit $ETH1:ETH1A I will be directed to 192.168.0.100. Although, I am having problems with SNAT. When I set up a rule for all outbound traffice from 192.168.0.100 to go out $ETH1:ETH1A, it just goes out eth1. When I try to specift the -o (outbound interface) as eth1:eth1a it still resuilts back to eth1. Even when I specify the aliased IP address explicitly it comes back to the ip of eth1.

Any help would be appreciated. Thanks in advance.
 
Old 01-05-2005, 08:44 PM   #2
twsnnva
Member
 
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Rep: Reputation: 30
You can't use aliases. You would need to do this.

Code:
iptables -t nat -A POSTROUTING -s 192.168.0.100 -o eth1  -j SNAT --to $PUBLIC_IP_OF_ALIAS
Thomas
 
Old 01-05-2005, 08:55 PM   #3
kegwell
Member
 
Registered: Feb 2004
Distribution: Gentoo Linux
Posts: 46

Original Poster
Rep: Reputation: 15
Yeah I tried that, but it did not work...I found out what the problem was though...

Code:
iptables -t nat -A POSTROUTING -s 192.168.0.100 -o eth1  -j SNAT --to $PUBLIC_IP_OF_ALIAS
was entered after
Code:
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0
Once i reversed the order everything worked fine. Thanks for the help!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTables: DNAT, SNAT and Masquerading tarballed Linux - Security 3 12-10-2004 03:45 PM
Samba & IPTABLES & Network Drives Oh My! logicdisaster Linux - Networking 3 06-03-2004 06:07 PM
kmyfirewall & dynamic IP for POSTROUTING SNAT mpw Linux - Software 0 05-05-2004 07:12 AM
%&*#&$$ iptables modules Hangdog42 Linux - Newbie 10 03-03-2003 08:16 PM
IPTables - DNAT, SNAT, port forwarding FunkFlex Linux - Security 2 01-15-2002 07:18 PM


All times are GMT -5. The time now is 07:37 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration