All of lore.kernel.org
 help / color / mirror / Atom feed
* Re: Translating between local and global IP address
@ 2003-01-22 16:45 Lars Brinkhoff
  2003-01-22 20:18 ` Rob Sterenborg
  0 siblings, 1 reply; 5+ messages in thread
From: Lars Brinkhoff @ 2003-01-22 16:45 UTC (permalink / raw)
  To: netfilter

Rob Sterenborg wrote:
> >                     internet
> >                        |
> >                       eth0
> >                   GATEWAY (Linux)
> >                       eth1
> >                        |
> >                  COMPUTER (Windows)
> > 
> > COMPUTER has a local IP address ($IN), but I'd like to mangle
> > packets going through GATEWAY so COMPUTER appears to have another
> > IP address ($OUT) on the internet.

Let me add to this that the internet IP of the gateway is not $OUT,
and connections initiated from a machine on the internet (to $OUT)
should reach COMPUTER.

> You should probably do this :
> 
> # Close your gateway.
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> 
> # Accept forwarding and related.
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth1 -o eth0 -s $IN -j ACCEPT
> iptables -t nat -A POSTROUTING -o eth0 -s $IN -j SNAT --to-source $OUT

Thank you.

> And maybe you need a helper for your network game. You didn't mention
> "the name of the game".

The game is Age of Mythology.

> I don't know what you are trying to achieve with "ifconfig eth0:1
> $OUT" ?

I want packets originating from internet to $OUT to be accepted by the
gateway and redirected to $IN.  Without the ifconfig, the gateway
appears to accept only packets to itself.

> When SNAT-ing, the packets will appear to be coming from eth0 on the
> gateway with IP address $OUT which is your internet IP address. $OUT
> must be your internet IP address otherwise the reply packet will not
> be sent back to you.

I want the gateway to have an IP address of its own, distinct from
$OUT.


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: Translating between local and global IP address
@ 2003-01-23 13:14 Lars Brinkhoff
  0 siblings, 0 replies; 5+ messages in thread
From: Lars Brinkhoff @ 2003-01-23 13:14 UTC (permalink / raw)
  To: netfilter

Rob Sterenborg wrote:
> > I want packets originating from internet to $OUT to be accepted by
> > the gateway and redirected to $IN.  Without the ifconfig, the
> > gateway appears to accept only packets to itself.
> 
> Yes.  The gateway has 2 IP addresses, 1 public ($OUT) and 1 private
> ($IN).

No, I want the gateway to have a public address other than $OUT, and
the private address shouldn't be $IN, because that's what COMPUTER's
address.

Maybe an example help explain what I want.  Say, GATEWAY has public
address 200.1.1.1 and private address 192.168.1.1.  COMPUTER is
connected to the private network and has private address 192.168.1.2.
However, I want to make it appear that COMPUTER exists as a node on
the internet, on the same subnet as GATEWAY.  The public address of
COMPUTER should be 200.1.1.2.  When a packet to 200.1.1.2 reaches
GATEWAY, it should be NAT'ed to 192.1.1.2 and passed to COMPUTER, and
vice versa.

> > I want the gateway to have an IP address of its own, distinct from
> > $OUT.
> 
> I don't see the point in "appearing to come from another IP", because
> reply packets would not reach you anymore (private IP), or you'd have
> asymmetric routing (2nd public IP).

Yes, there is a second public IP.


^ permalink raw reply	[flat|nested] 5+ messages in thread
[parent not found: <FD8F124A387AD6119F7900A0D218B321562093@hslex01.hslbz.local>]
* Translating between local and global IP address
@ 2003-01-22  7:17 Lars Brinkhoff
  0 siblings, 0 replies; 5+ messages in thread
From: Lars Brinkhoff @ 2003-01-22  7:17 UTC (permalink / raw)
  To: netfilter

Hello,

My home network is set up something like this:

                    internet
                       |
                      eth0
                  GATEWAY (Linux)
                      eth1
                       |
                 COMPUTER (Windows)

COMPUTER has a local IP address ($IN), but I'd like to mangle packets
going through GATEWAY so COMPUTER appears to have another IP address
($OUT) on the internet.  It seems I've had some success with this:

  iptables -t nat -A POSTROUTING -o eth0 -s $IN  -j SNAT --to-source $OUT
  iptables -t nat -A PREROUTING  -i eth0 -d $OUT -j DNAT --to-destination $IN

And to fool GATEWAY into accepting packets for $OUT, I've done this:

  ifconfig eth0:1 $OUT

However, it doesn't seem to work when trying to play a network game on
COMPUTER.  It times out trying to connect to another machine on the
internet.  It probably uses UDP packets.

Any idea what I'm doing wrong?

Thanks.


^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2003-01-23 13:14 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-01-22 16:45 Translating between local and global IP address Lars Brinkhoff
2003-01-22 20:18 ` Rob Sterenborg
  -- strict thread matches above, loose matches on Subject: below --
2003-01-23 13:14 Lars Brinkhoff
     [not found] <FD8F124A387AD6119F7900A0D218B321562093@hslex01.hslbz.local>
2003-01-22  8:28 ` Rob Sterenborg
2003-01-22  7:17 Lars Brinkhoff

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.