From: Raymond Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: SNAT help
Date: 09 Apr 2003 18:25:49 +0200 [thread overview]
Message-ID: <1049905548.14655.130.camel@raylinux.internal> (raw)
In-Reply-To: <Pine.LNX.4.44.0304091046430.19561-100000@eccweb1.edina.k12.mn.us>
[-- Attachment #1: Type: text/plain, Size: 1530 bytes --]
Where did you put that rule? Does it come before your other SNAT rules?
Are you running a transparent web cache (like squid)?
Ray
On Wed, 2003-04-09 at 17:47, Scott Johnson wrote:
> I apologize if this message appears twice... I got a bounce on it the
> first time.
>
> I'm new to iptables so I very much appreciate any help I can get.
>
> I've been digging through information for about 1.5 weeks now and got most
> things to work, however I'm stumped on one thing...
>
> I've got masquerading going on for the 3000+ work stations I have in
> house. In addition, I've got some good basic firewalling going on, I'm
> still working on the rules, but I'm happy they're working as well as they
> are.
>
> Now, I've got a few PC's that need a different public IP address from the
> masses. So I'm trying to assign a static NAT to these. When I assign the
> static nat rule, it never gets used.
>
> For example:
>
> eth0 - internal
> eth1 - dmz
> eth2 - external
>
> iptables -t nat -A POSTROUTING -s 10.1.3.35/32 -o eth2 -j SNAT --to
> 1.2.3.4
> (where 1.2.3.4 is the public address that I'm assigning)
> ip address add 1.2.3.4 dev eth2
>
> creates a rule that looks like:
>
> 0 0 SNAT all -- * eth2 10.1.3.35
> 0.0.0.0/0 to:1.2.3.4
>
> When I go check my ip address at an external site, I keep getting the
> public interface IP address.
>
> Again, any and all help is MUCH appreciated.
>
> Thanks!
> Scott
>
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2003-04-09 16:25 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-09 15:47 SNAT help Scott Johnson
2003-04-09 16:25 ` Raymond Leach [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-05-09 8:31 cranium2003
2005-05-10 17:12 ` Asim Shankar
2003-04-09 14:59 Scott Johnson
2003-04-08 20:38 Scott Johnson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1049905548.14655.130.camel@raylinux.internal \
--to=raymondl@knowledgefactory.co.za \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.