LinuxQuestions.org
Old 09-05-2003, 10:52 AM   #1
gpagedar
LQ Newbie
 
Registered: Sep 2003
Posts: 11

Rep: Reputation: 0
Problem with NATing


Hello Guys,

I have a problem with NATing and I hope some dude out there has a solution. This is urgent and I am looking for some help immediately.

I have a Linux (7.3) box with two NICs, working like a gateway.

NIC 1 - 10.8.1.91

NIC 2 - 10.6.1.91

I have one Linux box with IP 10.6.1.100 connected to NIC 2, and some machines connected to the 10.8.1.91 network via a switch. I have routed packets from the 10.8.1.X network to the 10.6.1.100 machine...

Now, since routing is working fine, I assume routing is proper.


Problem Definition.
I want no one to see the 10.6.1.91 machine, and there is a need for NATing (I assume). Going through some site, I tried to add the following to my iptables NATing:

NATing Table
iptables -t nat -A PREROUTING -i eth0 -d 10.8.1.251/255.255.255.0 -j DNAT --to 10.6.1.100
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 10.8.1.251

I don't know what the problem is, but NATing fails: everyone on the 10.8.X.X network can ping my machine without NATing... How can I configure this setup?

Routing Information

route add -net 10.6.1.0 netmask 255.255.255.0 gw 10.8.1.91 dev eth0
route add -net 10.8.1.0 netmask 255.255.255.0 gw 10.6.1.91 dev eth1
route add -net 10.8.1.0 netmask 255.255.255.0 gw 10.8.1.91 dev eth0
route add -net 10.6.1.0 netmask 255.255.255.0 gw 10.6.1.91 dev eth1
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.8.1.70 dev eth0
route add -host 196.1.114.240 gw 10.8.1.1 dev eth0


Comment: here 196.1.114.240 is my external interface for the internet.

Regards,
Gautm Pagedar
 
Old 09-05-2003, 05:16 PM   #2
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
The pinging probably works because you've added all those routes, which if you're doing NAT you won't have to do, so reboot and don't put them in again (though keep a copy).

Assuming the object is to get from 10.8.1.x to 10.6.1.00

Assuming: 10.8.1.91 is eth0 static IP, subnet mask set, don't set a gateway

Assuming: 10.6.1.91 is eth1 static IP, subnet mask set, set a gateway to 10.6.1.100 for eth1 if that's the route to the internet or somewhere else, otherwise you need not bother

activate ip forwarding first

echo 1 > /proc/sys/net/ipv4/ip_forward

Oops I've read what you want to do wrong methinks.


iptables -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 10.6.1.91 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 10.8.1.91 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -s 10.8.1.0/24 -j ACCEPT

iptables -A INPUT -p ALL -d 10.6.1.91 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 10.6.1.91 -j ACCEPT
iptables -A OUTPUT -p ALL -s 10.8.1.91 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 10.6.1.91


That's quite a long-hand way, but the way I prefer. No doubt I've made a typing error somewhere, but....

Last edited by Looking_Lost; 09-05-2003 at 05:20 PM.
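
Two slips that are easy to make when typing rules like those in this thread can be caught before anything is loaded: a space inside a comma-separated --state list, and a -s/-d address that has host bits set under its mask (iptables applies the mask, so such a rule matches the whole network, not one host). The script below is an added example, not code from any poster; the function names lint_rule, ip_to_int and mask_to_int are made up for illustration, and the sample lines are written in the style of the thread.

```shell
# Added example (not from the thread): lint iptables command lines before loading.
# Dotted quad -> 32-bit integer on stdout.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length (24) or dotted mask (255.255.255.0) -> 32-bit integer.
mask_to_int() {
    case $1 in
        *.*) ip_to_int "$1" ;;
        *)   echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF )) ;;
    esac
}

# Print one finding per problem in a single iptables command line.
lint_rule() {
    prev=
    for word in $1; do
        case $prev in
            --state)
                # A space after the comma splits the state list into two arguments.
                case $word in
                    *,) echo "split-state-list: '$word' ends with a comma" ;;
                esac ;;
            -s|-d)
                # iptables applies the mask to the address, so host bits
                # are dropped and the rule matches the whole network.
                case $word in
                    */*)
                        addr=$(ip_to_int "${word%/*}")
                        mask=$(mask_to_int "${word#*/}")
                        if [ $(( addr & ~mask & 0xFFFFFFFF )) -ne 0 ]; then
                            echo "host-bits-set: '$word' matches its whole network"
                        fi ;;
                esac ;;
        esac
        prev=$word
    done
}

# Sample lines in the style of this thread.
while IFS= read -r line; do lint_rule "$line"; done <<'EOF'
iptables -t nat -A PREROUTING -i eth0 -d 10.8.1.251/255.255.255.0 -j DNAT --to 10.6.1.100
iptables -A FORWARD -m state --state ESTABLISHED, RELATED -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -s 10.8.1.0/24 -j ACCEPT
EOF
```

A rule that produces no output passed both checks; the third sample line is such a rule.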
 
Old 09-06-2003, 12:01 PM   #3
gpagedar
LQ Newbie
 
Registered: Sep 2003
Posts: 11

Original Poster
Rep: Reputation: 0
Thanks for the info... but I am still confused and would appreciate it if I could get your email ID, to which I can send you a diagram of my network so that you can get a clear picture of my problem.
 
Old 09-06-2003, 01:49 PM   #4
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
It's probably better for you if you post it on here, as you'll have the benefit of a whole lot of other people who, if I'm not able to help, probably will be able to.

Many hands make light work and they'll be able to scrutinize. If you're doing a diagram, stick it in between [ code ] [ /code ] tags (without the spaces in the brackets) so it keeps its shape.
 
Old 01-28-2006, 03:37 AM   #5
adnanwll
LQ Newbie
 
Registered: Jan 2006
Location: karachi
Distribution: Nil
Posts: 2

Rep: Reputation: 0
I have a question about IP table. What is IP table? Please send me details of the types of IP table.
 
Old 01-28-2006, 09:04 PM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by adnanwll
I have a question about IP table. What is IP table? Please send me details of the types of IP table.
welcome to LQ!!!

these links will show you what iptables is:

http://www.netfilter.org/projects/iptables/index.html

http://en.wikipedia.org/wiki/Iptables

but please don't hijack people's threads like this... you should open your own thread in the newbie forum after having searched and confirmed your question hasn't already been answered... good luck!!!
 
All times are GMT -5.