Re: Translating between local and global IP address

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Lars Brinkhoff <lars.spam@nocrew.org>
To: netfilter@lists.netfilter.org
Subject: Re: Translating between local and global IP address
Date: 22 Jan 2003 17:45:24 +0100	[thread overview]
Message-ID: <853cnlb0bf.fsf@junk.nocrew.org> (raw)

Rob Sterenborg wrote:
> >                     internet
> >                        |
> >                       eth0
> >                   GATEWAY (Linux)
> >                       eth1
> >                        |
> >                  COMPUTER (Windows)
> > 
> > COMPUTER has a local IP address ($IN), but I'd like to mangle
> > packets going through GATEWAY so COMPUTER appears to have another
> > IP address ($OUT) on the internet.

Let me add to this that the internet IP of the gateway is not $OUT,
and connections initiated from a machine on the internet (to $OUT)
should reach COMPUTER.

> You should probably do this :
> 
> # Close your gateway.
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> 
> # Accept forwarding and related.
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth1 -o eth0 -s $IN -j ACCEPT
> iptables -t nat -A POSTROUTING -o eth0 -s $IN -j SNAT --to-source $OUT

Thank you.

> And maybe you need a helper for your network game. You didn't mention
> "the name of the game".

The game is Age of Mythology.

> I don't know what you are trying to achieve with "ifconfig eth0:1
> $OUT" ?

I want packets originating from internet to $OUT to be accepted by the
gateway and redirected to $IN.  Without the ifconfig, the gateway
appears to accept only packets to itself.

> When SNAT-ing, the packets will appear to be coming from eth0 on the
> gateway with IP address $OUT which is your internet IP address. $OUT
> must be your internet IP address otherwise the reply packet will not
> be sent back to you.

I want the gateway to have an IP address of its own, distinct from
$OUT.

next             reply	other threads:[~2003-01-22 16:45 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-01-22 16:45 Lars Brinkhoff [this message]
2003-01-22 20:18 ` Translating between local and global IP address Rob Sterenborg
  -- strict thread matches above, loose matches on Subject: below --
2003-01-23 13:14 Lars Brinkhoff
     [not found] <FD8F124A387AD6119F7900A0D218B321562093@hslex01.hslbz.local>
2003-01-22  8:28 ` Rob Sterenborg
2003-01-22  7:17 Lars Brinkhoff

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=853cnlb0bf.fsf@junk.nocrew.org \
    --to=lars.spam@nocrew.org \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.