LinuxQuestions.org
Old 01-05-2005, 08:54 PM   #1
kegwell
Member
 
Registered: Feb 2004
Distribution: Gentoo Linux
Posts: 46

Rep: Reputation: 15
IPtables: SNAT & Aliasing


I currently have a running, functional firewall. I have 1 external interface (eth1). I have aliased/multihomed additional external IPs to that interface as well (eth1:eth1a, eth1:eth1b...etc). I have associated a few of the aliased IPs to an internal IP and the routing works fine inbound. For example, if I hit $ETH1:ETH1A I will be directed to 192.168.0.100. Although, I am having problems with SNAT. When I set up a rule for all outbound traffic from 192.168.0.100 to go out $ETH1:ETH1A, it just goes out eth1. When I try to specify the -o (outbound interface) as eth1:eth1a it still results back to eth1. Even when I specify the aliased IP address explicitly it comes back to the IP of eth1.

Any help would be appreciated. Thanks in advance.
 
Old 01-05-2005, 09:44 PM   #2
twsnnva
Member
 
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Rep: Reputation: 30
You can't use aliases. You would need to do this.

Code:
iptables -t nat -A POSTROUTING -s 192.168.0.100 -o eth1  -j SNAT --to $PUBLIC_IP_OF_ALIAS
Thomas
 
Old 01-05-2005, 09:55 PM   #3
kegwell
Member
 
Registered: Feb 2004
Distribution: Gentoo Linux
Posts: 46

Original Poster
Rep: Reputation: 15
Yeah I tried that, but it did not work...I found out what the problem was though...

Code:
iptables -t nat -A POSTROUTING -s 192.168.0.100 -o eth1  -j SNAT --to $PUBLIC_IP_OF_ALIAS
was entered after
Code:
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0
Once I reversed the order everything worked fine. Thanks for the help!
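
Why the order mattered, as an added example that is not part of the thread: the nat table's POSTROUTING chain stops at the first matching rule, so a broad MASQUERADE rule placed ahead of the host-specific SNAT rule translates the packet before SNAT is ever consulted. The sketch below evaluates two constructed `iptables-save` style rulesets; 203.0.113.11 is a placeholder for the alias's public IP, and the hypothetical `first_nat_match` helper understands only plain `-s`, `-o` and `-j` (no negation or interface wildcards).

```sh
#!/bin/sh
# Constructed rulesets in iptables-save syntax (not taken from the thread).
# 203.0.113.11 is a documentation address standing in for $PUBLIC_IP_OF_ALIAS.
RULES_BROKEN='-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.100/32 -o eth1 -j SNAT --to-source 203.0.113.11'

RULES_FIXED='-A POSTROUTING -s 192.168.0.100/32 -o eth1 -j SNAT --to-source 203.0.113.11
-A POSTROUTING -o eth1 -j MASQUERADE'

# first_nat_match RULES SRC_IP OUT_IF
# Prints "<rule number> <target and its options>" for the first POSTROUTING
# rule the packet matches, mirroring the chain's first-match behaviour.
first_nat_match() {
  printf '%s\n' "$1" | awk -v src="$2" -v oif="$3" '
    function ip2n(ip,  o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    function in_cidr(ip, cidr,  p, bits, size) {
      split(cidr, p, "/"); bits = (p[2] == "" ? 32 : p[2]); size = 2 ^ (32 - bits)
      return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
    }
    $1 == "-A" && $2 == "POSTROUTING" {
      n++; ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-s" && !in_cidr(src, $(i+1))) ok = 0
        if ($i == "-o" && $(i+1) != oif) ok = 0
        if ($i == "-j") { target = $(i+1); for (j = i+2; j <= NF; j++) target = target " " $j }
      }
      if (ok) { print n, target; exit }
    }'
}

echo "MASQUERADE first: $(first_nat_match "$RULES_BROKEN" 192.168.0.100 eth1)"
echo "SNAT first:       $(first_nat_match "$RULES_FIXED" 192.168.0.100 eth1)"
```

On a live firewall, `iptables -t nat -L POSTROUTING -n --line-numbers` shows the same ordering, and `iptables -t nat -I POSTROUTING 1 ...` inserts the specific rule at the top instead of appending it with `-A`.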
 
  


All times are GMT -5.