* SNAT help
From: Scott Johnson @ 2003-04-08 20:38 UTC
To: netfilter
I'm new to iptables so I very much appreciate any help I can get.

I've been digging through information for about 1.5 weeks now and got most
things to work, however I'm stumped on one thing...

I've got masquerading going on for the 3000+ work stations I have in
house. In addition, I've got some good basic firewalling going on, I'm
still working on the rules, but I'm happy they're working as well as they
are.

Now, I've got a few PCs that need a different public IP address from the
masses. So I'm trying to assign a static NAT to these. When I assign the
static NAT rule, it never gets used.

For example:

eth0 - internal
eth1 - dmz
eth2 - external

iptables -t nat -A POSTROUTING -s 10.1.3.35/32 -o eth2 -j SNAT --to 1.2.3.4
(where 1.2.3.4 is the public address that I'm assigning)
ip address add 1.2.3.4 dev eth2

creates a rule that looks like:

0 0 SNAT all -- * eth2 10.1.3.35 0.0.0.0/0 to:1.2.3.4

When I go check my IP address at an external site, I keep getting the
public interface IP address.

Again, any and all help is MUCH appreciated.

Thanks!
Scott
* SNAT help
From: Scott Johnson @ 2003-04-09 14:59 UTC
To: netfilter
I apologize if this message appears twice... I got a bounce on it the
first time.
* SNAT help
From: Scott Johnson @ 2003-04-09 15:47 UTC
To: netfilter
I apologize if this message appears twice... I got a bounce on it the
first time.
* Re: SNAT help
From: Raymond Leach @ 2003-04-09 16:25 UTC
To: Netfilter Mailing List
Where did you put that rule? Does it come before your other SNAT rules?
Are you running a transparent web cache (like squid)?
Ray
On Wed, 2003-04-09 at 17:47, Scott Johnson wrote:
> I apologize if this message appears twice... I got a bounce on it the
> first time.
>
> I'm new to iptables so I very much appreciate any help I can get.
>
> I've been digging through information for about 1.5 weeks now and got most
> things to work, however I'm stumped on one thing...
>
> I've got masquerading going on for the 3000+ work stations I have in
> house. In addition, I've got some good basic firewalling going on, I'm
> still working on the rules, but I'm happy they're working as well as they
> are.
>
> Now, I've got a few PC's that need a different public IP address from the
> masses. So I'm trying to assign a static NAT to these. When I assign the
> static nat rule, it never gets used.
>
> For example:
>
> eth0 - internal
> eth1 - dmz
> eth2 - external
>
> iptables -t nat -A POSTROUTING -s 10.1.3.35/32 -o eth2 -j SNAT --to 1.2.3.4
> (where 1.2.3.4 is the public address that I'm assigning)
> ip address add 1.2.3.4 dev eth2
>
> creates a rule that looks like:
>
> 0 0 SNAT all -- * eth2 10.1.3.35 0.0.0.0/0 to:1.2.3.4
>
> When I go check my ip address at an external site, I keep getting the
> public interface IP address.
>
> Again, any and all help is MUCH appreciated.
>
> Thanks!
> Scott
>
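
The question about rule position matters because the nat POSTROUTING chain stops at the first SNAT or MASQUERADE rule that matches, which would also explain the 0/0 counters on the appended rule. The Python model below is an added example, not part of the thread or of netfilter: the MASQUERADE rule text is an assumption (the thread does not show it), and `parse_rule`, `first_match` and `shadowed` are hypothetical helpers.

```python
import ipaddress
import shlex

NAT_TARGETS = {"SNAT", "MASQUERADE"}  # terminating targets in nat/POSTROUTING

def parse_rule(line):
    """Parse an iptables-save style POSTROUTING rule (only -s, -o, -j, --to)."""
    tok = shlex.split(line)
    rule = {"src": ipaddress.ip_network("0.0.0.0/0"), "out": None, "target": None, "to": None}
    for i, t in enumerate(tok):
        if t == "-s":
            rule["src"] = ipaddress.ip_network(tok[i + 1], strict=False)
        elif t == "-o":
            rule["out"] = tok[i + 1]
        elif t == "-j":
            rule["target"] = tok[i + 1]
        elif t in ("--to", "--to-source"):
            rule["to"] = tok[i + 1]
    return rule

def first_match(chain, src_ip, out_if):
    """Return (1-based position, rule) of the first NAT rule the packet hits."""
    ip = ipaddress.ip_address(src_ip)
    for n, r in enumerate(chain, 1):
        if r["target"] in NAT_TARGETS and ip in r["src"] and r["out"] in (None, out_if):
            return n, r
    return None, None

def shadowed(chain):
    """Return (later, earlier) positions where the earlier rule always wins."""
    hits = []
    for j, later in enumerate(chain):
        for i, earlier in enumerate(chain[:j]):
            if (earlier["target"] in NAT_TARGETS
                    and later["src"].subnet_of(earlier["src"])
                    and earlier["out"] in (None, later["out"])):
                hits.append((j + 1, i + 1))
                break
    return hits

# Constructed chains: the MASQUERADE rule is assumed, the SNAT rule is from the thread.
MASQ = parse_rule("-A POSTROUTING -o eth2 -j MASQUERADE")
SNAT = parse_rule("-A POSTROUTING -s 10.1.3.35/32 -o eth2 -j SNAT --to 1.2.3.4")
APPENDED = [MASQ, SNAT]   # what -A produces when MASQUERADE already exists
INSERTED = [SNAT, MASQ]   # what -I POSTROUTING 1 would produce

if __name__ == "__main__":
    for name, chain in (("appended", APPENDED), ("inserted", INSERTED)):
        print(name, first_match(chain, "10.1.3.35", "eth2"), shadowed(chain))
```

The nat table is consulted only for the first packet of a connection, so flows already tracked by conntrack keep their earlier mapping after the rule order changes.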