From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Ryan Beisner"
Subject: WAP11 host behind Netfilter Router
Date: Wed, 18 Sep 2002 15:44:46 -0500
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <0cee01c25f54$397d4dc0$64dc0a0a@dataarc>
To: netfilter@lists.netfilter.org

Hi All!

I have a Linksys WAP11 behind a high speed connection.

Currently doing simple NAT with:

    iptables -t nat -A POSTROUTING -o $extdev -j MASQUERADE
        (other rules to accept certain protocols for ssh, webmin, etc)
        and then:
    iptables -A INPUT -i $extdev -m state --state NEW,INVALID -j DROP
    iptables -A FORWARD -i $extdev -m state --state NEW,INVALID -j DROP
        as a simple block to unwanted traffic on an already protected ext. network

Here's the scenario:

    INT (eth0) IP Range ( 192.168.168.1 class C )
    EXT (eth1) IP Range also private ( 10.20.0.3 class B )
    EXT (eth1:1) Virtual IP is 10.20.0.4

I want to map everything from Virt IP (Eth1:1) 10.20.0.4 (all ports) to internal 192.168.168.178 (the Linksys WAP 11). FYI this is for remote management of my access point.

Where in the world do I start? All help is appreciated in advance.

Here was my first attempt, which did not work. I explicitly allow all traffic in/out/fwd for 10.20.0.4 to make sure I wasn't kicking myself here. Still no go. Suggestions?

    iptables -A PREROUTING -t nat -d 10.20.0.4 -j DNAT --to 192.168.168.178

-Ryan Beisner

ryanb -at-nosp@m- thedataarc () com
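An added example, not part of the original message: DNAT in nat/PREROUTING runs before the filter FORWARD chain, so FORWARD sees the translated destination 192.168.168.178 and an accept rule written for 10.20.0.4 does not match there, leaving the NEW,INVALID DROP to catch the connection. The script assumes the accept rules mentioned above matched on 10.20.0.4 and that the FORWARD policy is otherwise ACCEPT; the function name and the optional source restriction are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Prints rules for review
# instead of applying them; pipe the output to "sh" as root to apply.

# dnat_rules VIP HOST DEV [SRC]
#   VIP  external address to forward (10.20.0.4 in the post)
#   HOST internal target (192.168.168.178, the WAP11)
#   DEV  external interface; aliases such as eth1:1 are not separate
#        devices to iptables, so the real name (eth1) is used
#   SRC  optional source network allowed to reach HOST (hypothetical)
dnat_rules() {
    vip=$1; host=$2; dev=$3; src=""
    if [ -n "${4:-}" ]; then src="-s $4 "; fi

    # nat/PREROUTING rewrites the destination before routing.
    echo "iptables -t nat -A PREROUTING -i $dev ${src}-d $vip -j DNAT --to-destination $host"

    # filter/FORWARD sees the packet after DNAT, so it matches on HOST,
    # not VIP. -I 1 puts the ACCEPT ahead of the NEW,INVALID DROP rule.
    echo "iptables -I FORWARD 1 -i $dev ${src}-d $host -m state --state NEW -j ACCEPT"
}

# Values from the post; 10.20.0.0/16 as the management source is an assumption.
dnat_rules 10.20.0.4 192.168.168.178 eth1 10.20.0.0/16
```

The WAP11 must also send its replies back through this router (for example by using it as default gateway), otherwise connection tracking cannot reverse the translation.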