[LARTC] iptable for multiple ip address

[LARTC] iptable for multiple ip address

[James Ma]

[-- Attachment #1: Type: text/plain, Size: 450 bytes --]

Hi, All,

So far, all the applications I have seen for Iptables are focusing on connecting a WAN with one IP address to a LAN and using NAT. My question is if the iptables support multiple IP address on WAN side? If so, how it works (you only have one NIC on WAN side)? Is static NAT (it might not be the right term, I mean a static and permanent connection between WAN IP address and LAN IP address) supported?


Thanks in advance,

James


[-- Attachment #2: Type: text/html, Size: 1139 bytes --]

Re: [LARTC] iptable for multiple ip address

[Juan Antonio Morillas Cerezo]

A fecha Thu, Sep 12, 2002 at 09:35:51AM -0400, James Ma dijo:
>  
> So far, all the applications I have seen for Iptables are focusing on
> connecting a WAN with one IP address to a LAN and using NAT. My question is if
> the iptables support multiple IP address on WAN side? If so, how it works (you
> only have one NIC on WAN side)? Is static NAT (it might not be the right term,
> I mean a static and permanent connection between WAN IP address and LAN IP
> address) supported?
>  

        	Yes, with iptables you can have more than one IP
        address for each physical interface, both in "local" and
        "external" places, then you have to add them as aliases with
        ip, and do some NAT to connect each side, if there are private
        IPs involved.


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] iptable for multiple ip address

[Jose Luis Domingo Lopez]

On Thursday, 12 September 2002, at 16:54:03 +0200,
Juan Antonio Morillas Cerezo wrote:

>         	Yes, with iptables you can have more than one IP
>         address for each physical interface, both in "local" and
>         "external" places, then you have to add them as aliases with
>         ip, and do some NAT to connect each side, if there are private
>         IPs involved.
> 
I would add the following. If what the original poster wants is to
somehow give a LAN with private IP addressing access to the Internet
using not a simple public IP address, but a pool of them, you easily
can. Just create an iptables rule with a SNAT target like this:

iptables -t nat -A POSTROUTING --out-interface $WAN_IF \
    --jump SNAT --to-source $START_PUB_IP-$END_PUB_IP

The only limitation I see with this approach is that IP addresses must
be contiguous, but I think this is a typical scenario, because our ISP
tend to give addresses in blocks :)

Hope this helps.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Woody (Linux 2.4.19-pre6aa1)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] iptable for multiple ip address

[Eric Leblond]

Le jeu 12/09/2002 à 21:49, Jose Luis Domingo Lopez a écrit :
 
> iptables -t nat -A POSTROUTING --out-interface $WAN_IF \
>     --jump SNAT --to-source $START_PUB_IP-$END_PUB_IP
> 
> The only limitation I see with this approach is that IP addresses must
> be contiguous, but I think this is a typical scenario, because our ISP
> tend to give addresses in blocks :)

But you can put multiple --to-source so there's no limitation.

--
Eric Leblond
eric@regit.org

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/