Subject: forward for some IPs and SNAT the rest
From: Jose Luis Faria @ 2004-03-16 15:58 UTC
To: netfilter
Hello,
I have a firewall inside my organization, but I want to preserve some source IPs, and the rest must be SNATed:
    host 1 - 192.168.0.1 ------------\
                                      \
                                       \  +--------------+
                                        \ |   firewall   |  193.137.1.1 (ex.)
    host 2 - 192.168.0.2 -----------------|     with     |---------------> internet
                                        / |   iptables   |        |
                                       /  +--------------+        |
                                      /   /                       | internal
    host 3 - 192.168.0.3 ------------/   /                        | routing
                                        /                         |
                                       /                          v
    host 4 - 192.168.0.4 -------------/                    license server
Host 1 and host 2 must arrive at the license server with their original IPs (192.168.0.1/2), and the other hosts must be translated with SNAT into 193.137.1.1.
some help?
P.S.: Now every host uses SNAT, but I want to exclude some of them.
--
:) cumprimentos
------------------------------------
Jose Luis Faria
Universidade do Minho
/\ Escola de Engenharia
/\/\ Departamento Informatica
http://www.di.uminho.pt/~jose
Subject: Re: forward for some IPs and SNAT the rest
From: Antony Stone @ 2004-03-16 16:09 UTC
To: netfilter
On Tuesday 16 March 2004 3:58 pm, Jose Luis Faria wrote:
> Hello,
>
> I have a firewall inside my organization, but I want to preserve some
> source IPs, and the rest must be SNATed:
>
> the host 1 and host 2 must arrive to the license server with the original
> IP( 192.168.0.1/2) and the others host must be translated with SNAT into
> 193.137.1.1.
I assume you currently have a POSTROUTING rule:

    iptables -A POSTROUTING -t nat -o $extIF -j SNAT --to 193.137.1.1

Well, simply put two rules in front of this:

    iptables -I POSTROUTING -t nat -s 192.168.0.1 -d a.b.c.d -j ACCEPT
    iptables -I POSTROUTING -t nat -s 192.168.0.2 -d a.b.c.d -j ACCEPT

Where a.b.c.d is the IP address of the licence server.

Make sure the routing table on the licence server knows how to send packets to 192.168.0.1 correctly.
Antony.
--
If builders made buildings the way programmers write programs, then the first
woodpecker to come along would destroy civilisation.
Please reply to the list;
please don't CC me.
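As an added illustration of why the two ACCEPT rules have to sit in front of the SNAT rule (my own model, not code from the thread): it walks a nat POSTROUTING rule list the way the kernel does, first match wins, ACCEPT leaves the packet untouched and SNAT rewrites the source. The external interface name and the licence server address (standing in for a.b.c.d) are assumed values.

```python
# Added example, not from the thread: an offline model of the nat POSTROUTING
# chain from the reply above. It never touches netfilter; it only replays the
# rule order so the effect of -I versus -A can be checked without a firewall.
from dataclasses import dataclass
from typing import List, Optional

EXT_IF = "eth0"               # assumed value of $extIF from the reply
LICENSE_SERVER = "10.0.5.10"  # assumed value standing in for a.b.c.d


@dataclass
class Rule:
    target: str                   # "ACCEPT" or "SNAT"
    src: Optional[str] = None     # -s
    dst: Optional[str] = None     # -d
    out_if: Optional[str] = None  # -o
    to: Optional[str] = None      # --to (SNAT only)

    def matches(self, src: str, dst: str, out_if: str) -> bool:
        return ((self.src is None or self.src == src)
                and (self.dst is None or self.dst == dst)
                and (self.out_if is None or self.out_if == out_if))


def postrouting(rules: List[Rule], src: str, dst: str, out_if: str) -> str:
    """Return the source address the packet leaves with; first match wins."""
    for r in rules:
        if r.matches(src, dst, out_if):
            return r.to if r.target == "SNAT" else src
    return src  # no rule matched: chain policy ACCEPT, source untouched


def build_chain(exempt_hosts: List[str]) -> List[Rule]:
    """The reply's layout: -I puts each ACCEPT in front of the -A SNAT rule."""
    chain = [Rule("SNAT", out_if=EXT_IF, to="193.137.1.1")]   # iptables -A ...
    for h in exempt_hosts:                                     # iptables -I ...
        chain.insert(0, Rule("ACCEPT", src=h, dst=LICENSE_SERVER))
    return chain


def build_chain_appended(exempt_hosts: List[str]) -> List[Rule]:
    """Same rules added with -A instead: the SNAT rule matches first, so the
    exemptions never fire and the licence server still sees 193.137.1.1."""
    chain = [Rule("SNAT", out_if=EXT_IF, to="193.137.1.1")]
    for h in exempt_hosts:
        chain.append(Rule("ACCEPT", src=h, dst=LICENSE_SERVER))
    return chain


if __name__ == "__main__":
    chain = build_chain(["192.168.0.1", "192.168.0.2"])
    for host in ("192.168.0.1", "192.168.0.3"):
        print(host, "->", LICENSE_SERVER, "leaves as",
              postrouting(chain, host, LICENSE_SERVER, EXT_IF))
```

Note that host 1 is exempted only for packets to the licence server; its traffic to any other destination is still SNATed, which is exactly what the -d match buys.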