From: Mogens Kjaer <mk@crc.dk>
To: "Netfilter (E-mail)" <netfilter@lists.netfilter.org>
Subject: NAT with two external IP numbers
Date: Thu, 16 Nov 2006 13:37:14 +0100
Message-ID: <455C5B7A.5040702@crc.dk>

I'm trying to solve a problem:

We have now:

Internal network: 172.20.0.0/16
External network: 130.226.184.38

This works without problems running a Linux
box with iptables and MASQUERADING.

The problem is that, due to a license agreement
(online journal access), some of our users on
the 172.20.0.0 network must have access, and some
don't.

My idea was:

Give the Linux box two IP numbers externally,
e.g. 130.226.184.38 and 130.226.184.39, register
130.226.184.38 with the journal, change the
internal IP numbers so that:

172.20.0.0/17 has access
172.20.128.0/17 does not have access

So I want 172.20.0.1 - 172.20.127.255 to be
masqueraded as 130.226.184.38 externally,
and 172.20.128.0 - 172.20.255.254 to be
masqueraded as 130.226.184.39.

I've tried adding two IP numbers externally:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:02:55:11:EF:03
          inet addr:130.226.184.38  Bcast:130.226.184.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1774 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2543 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:298539 (291.5 KiB)  TX bytes:237100 (231.5 KiB)

eth0:1    Link encap:Ethernet  HWaddr 00:02:55:11:EF:03
          inet addr:130.226.184.39  Bcast:130.226.184.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

and use the following when setting up masquerading:

/sbin/iptables -t nat -A POSTROUTING -s 172.20.0.0/17 -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 172.20.128.0/17 -o eth0:1 -j MASQUERADE

but it doesn't work. Packages coming from 172.20.128.0 addresses
do not get their source address changed, e.g. if I ping another
machine on the 130.226.184.x network from the 172.20.128.x network,
the machine will receive packets with a 172.20.128.x from address,
not 130.226.184.39.

How do I solve this problem?

Mogens
--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: mk@crc.dk Homepage: http://www.crc.dk
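
Added example, not part of the original post or of any reply in the thread: iptables' -o matches the kernel device a packet leaves by, and eth0:1 is only a label for a second address on eth0, so the second MASQUERADE rule above never matches. The sketch below picks the external address explicitly with SNAT --to-source instead; EXT_IF, SNAT_MAP and the function names are assumptions, the subnets and addresses are the ones from the post.

```sh
#!/bin/sh
# Added example: per-subnet source NAT behind one physical interface.
# Subnets and addresses are the ones in the post; EXT_IF, SNAT_MAP and the
# function names are assumptions made for this sketch.

EXT_IF="eth0"   # kernel device name; both external addresses live on it

# internal-subnet=external-address pairs, one rule each
SNAT_MAP="172.20.0.0/17=130.226.184.38 172.20.128.0/17=130.226.184.39"

# "eth0:1" is only a label for a second address on eth0, not a device,
# so a rule with "-o eth0:1" can never match a packet. Refuse such names.
check_out_if() {
    case "$1" in
        *:*) echo "'$1' is an alias label; match on '${1%%:*}'" >&2
             return 1 ;;
    esac
    return 0
}

# Print one SNAT rule per mapping (needs no root, useful for review).
build_snat_rules() {
    for pair in $SNAT_MAP; do
        src=${pair%%=*}
        ext=${pair##*=}
        echo "/sbin/iptables -t nat -A POSTROUTING -s $src -o $EXT_IF -j SNAT --to-source $ext"
    done
}

# Install the rules; run as root on the NAT box.
apply_snat_rules() {
    check_out_if "$EXT_IF" || return 1
    build_snat_rules | sh -e
}

# "--apply" installs the rules; anything else just prints them.
if [ "${1:-}" = "--apply" ]; then
    apply_snat_rules
else
    build_snat_rules
fi
```

After applying, the per-rule packet counters in `iptables -t nat -L POSTROUTING -n -v` show which mapping each new connection hit.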