SNAT / MASQUERADE to a different IP

SNAT / MASQUERADE to a different IP

[Eduardo Bejar]

Hi,

I have this setup:

LAN with one Fedora Server as gateway/email server.

Currently I masquerade all LAN traffic to use the same IP as the Server:

iptables -t nat -A POSTROUTING -s $LAN -o eth0 -j MASQUERADE

So, LAN and mail server use both the same IP address. This works fine, but
now I´d like to make the LAN use a different IP address than the mail
server, so I´d like to know how can I do that?

I tested SNAT, like:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $IP

but with this, LAN and mail server now use $IP both, and what I´d like to do
is assign different IP addresses: one for the LAN and other for the mail
server.

Any thoughts about this will be very appreciated.

Thanks!

Edo

Re: SNAT / MASQUERADE to a different IP

[Robby Workman]

Eduardo Bejar wrote:
> Hi,
> 
> I have this setup:
> 
> LAN with one Fedora Server as gateway/email server.
> 
> Currently I masquerade all LAN traffic to use the same IP as the Server:
> 
> iptables -t nat -A POSTROUTING -s $LAN -o eth0 -j MASQUERADE
> 
> So, LAN and mail server use both the same IP address. This works fine, but
> now I´d like to make the LAN use a different IP address than the mail
> server, so I´d like to know how can I do that?
> 
> I tested SNAT, like:
> 
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $IP
> 
> but with this, LAN and mail server now use $IP both, and what I´d like to do
> is assign different IP addresses: one for the LAN and other for the mail
> server.


Perhaps I'm oversimplifying this, but isn't this what you want?

iptables -t nat -A POSTROUTING -s $MAILSERVER -o eth0 -j SNAT --to $IP1
iptables -t nat -A POSTROUTING -s $LAN -o eth0 -j SNAT --to $IP2

-- 

http://rlworkman.net