LinuxQuestions.org
Old 01-09-2007, 06:16 AM   #1
maliha
LQ Newbie
 
Registered: Jan 2007
Posts: 5

Rep: Reputation: 0
Static NATing via iptables


Guys,

I'm stuck on a problem. I have made a test network to test one of my applications. A Linux machine (say "LxNAT") with 2 Ethernet cards is supposed to do the NATing. The scenario is:

LxNAT ----- has two interface cards, eth0 and eth1
eth1 = connected to the main switch with IP address 192.168.1.190. On this switch we have a lot of other systems within the IP pool 192.168.1.x.

eth0 = connected to a separate, isolated switch, with IP address 10.1.0.1. On this isolated switch I have another Windows machine connected, with IP address 10.1.0.10 and default gateway 10.1.0.1.

Now what I want is to access this internal Windows machine at 10.1.0.10 from any of my external machines 192.168.1.x. For this purpose I need to do static NATing on the LxNAT machine via iptables.

More clearly, what I want is to assign an IP address from the 192.168.1.x pool, say 192.168.1.211, to my internal Windows machine (10.1.0.10), so that when I ping from, let's say, 192.168.1.20 to 192.168.1.211, the request is routed from LxNAT to the internal Windows machine 10.1.0.10,
and vice versa.

I need the iptables rules.

Thanks in advance.
 
Old 01-09-2007, 06:18 AM   #2
maliha
LQ Newbie
 
Registered: Jan 2007
Posts: 5

Original Poster
Rep: Reputation: 0
I want to do it with iptables. I know that Shorewall can do that for me, but I want to stick with iptables rules.
 
Old 01-09-2007, 06:56 AM   #3
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
Quote:
Originally Posted by maliha
Now what I want is to access this internal Windows machine at 10.1.0.10 from any of my external machines 192.168.1.x. For this purpose I need to do static NATing on the LxNAT machine via iptables.
You can actually do it in many ways.

If 192.168.1.190 can act as the default gateway for its class (like the way 10.1.0.1 is), then you don't even need NATing. Switching on ip_forwarding in the kernel will do the needful.

Or otherwise you can make the 192.168.1.x class default router re-route packets destined for 10.1.0.10 to 192.168.1.190 (if you have access and rights to configure it).

Quote:
Originally Posted by maliha
More clearly, what I want is to assign an IP address from the 192.168.1.x pool, say 192.168.1.211, to my internal Windows machine (10.1.0.10), so that when I ping from, let's say, 192.168.1.20 to 192.168.1.211, the request is routed from LxNAT to the internal Windows machine 10.1.0.10,
and vice versa.
If you precisely want to achieve this, then you have to give your Linux box a virtual IP of .211 and then forward all or desired packets over to 10.1.0.10 with
Code:
iptables -t nat -A PREROUTING -d 192.168.1.211 -j DNAT --to 10.1.0.10
You can still achieve the same without placing that virtual IP as well.

P.S.: Also make sure that you switch on IP forwarding at kernel level prior to this.
 
Old 01-09-2007, 11:43 AM   #4
maliha
LQ Newbie
 
Registered: Jan 2007
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks Amit. Yes, precisely, I want to do that. Now, by applying your suggestion, can I access both networks from both ends?

Meaning, will ping from the external to the internal and from the internal to the external network work?

One more thing: how can I add a virtual IP to my box? I'm using Fedora 5.
 
Old 01-09-2007, 11:56 AM   #5
maliha
LQ Newbie
 
Registered: Jan 2007
Posts: 5

Original Poster
Rep: Reputation: 0
Amit, I checked this solution. It worked well, but from one side. Meaning I can ping from my external network of 192.168.1.X to my Windows machine at 10.1.0.1, but not the other way round. What I want to ask is what should I do to make it work the other way round, so that I will be able to ping from the internal to the external network.

Thanks,
 
Old 01-09-2007, 01:00 PM   #6
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
We did not create any ruleset for the other way round. Look, until now, whenever any box from the 192.168.1.x subnet connects/browses/uses any other service to 192.168.1.211 (virtual IP), it's being forwarded to 10.1.0.10. We are able to do it successfully. So now when you ask to do it the other way... please specify it precisely with an example IP schema (like to whom you want to connect and from where?) and then we have to create another iptables ruleset for it to bring it into effect. Our present ruleset doesn't do anything fancy other than what we have asked it to.
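
Added example, not part of any post in this thread and not the posters' own configuration: a POSIX shell function that prints a complete 1:1 NAT rule set for the thread's addresses, combining the DNAT rule from post #3 with a matching SNAT rule for connections opened by 10.1.0.10 and FORWARD rules that limit forwarding to that one host. The `/32` alias, the `-i`/`-o` interface matches, the SNAT rule, the FORWARD rules and the function names are assumptions made for this example; the SNAT rule assumes the 192.168.1.x hosts have no route back to 10.1.0.x.

```shell
#!/bin/sh
# Added example: print a 1:1 NAT rule set for review. Nothing is executed.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case $1 in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: static_nat_rules EXT_IF INT_IF PUBLIC_IP PRIVATE_IP
# Arguments are validated because the output is meant to be run as root.
static_nat_rules() {
    ext_if=$1 int_if=$2 public_ip=$3 private_ip=$4
    for name in "$ext_if" "$int_if"; do
        case $name in
            ""|*[!A-Za-z0-9_.:-]*) echo "bad interface: $name" >&2; return 2 ;;
        esac
    done
    is_ipv4 "$public_ip" && is_ipv4 "$private_ip" || {
        echo "bad IPv4 address" >&2; return 2
    }
    cat <<EOF
# Extra address on the outside interface so the NAT box answers ARP for it
ip addr add $public_ip/32 dev $ext_if
sysctl -w net.ipv4.ip_forward=1
# Outside -> inside: the rule from the thread, pinned to the outside interface
iptables -t nat -A PREROUTING -i $ext_if -d $public_ip -j DNAT --to-destination $private_ip
# Inside -> outside: connections opened by the inside host leave as the public address
iptables -t nat -A POSTROUTING -o $ext_if -s $private_ip -j SNAT --to-source $public_ip
# Filter table: forward only traffic for this one host, plus replies
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ext_if -o $int_if -d $private_ip -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $int_if -o $ext_if -s $private_ip -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Addresses and interfaces are the ones given in the thread.
static_nat_rules eth1 eth0 192.168.1.211 10.1.0.10
```

Review the printed commands, then pipe them to `sh` as root to apply them. The FORWARD rules only restrict anything when the FORWARD chain's policy is DROP; with the default ACCEPT policy the DNAT rule exposes every port of 10.1.0.10 to the 192.168.1.x network.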
 
  

