From: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
To: "Arnauts, Bert" <Bert.Arnauts@fujitsu-siemens.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: DNAT question
Date: Tue, 15 Jun 2004 07:40:53 -0400
Message-ID: <1087299652.3484.9.camel@localhost>
In-Reply-To: <519AD2BA94FC6E4DB5DE078B2E37CB10A37999@PDBEX01E.pdb.fsc.net>
On Mon, 2004-06-14 at 10:35, Arnauts, Bert wrote:
> Hello all,
>
> I want to DNAT some machines in another subnet.
> The target machines have IPs like 11.0.0.x/24
>
> My available LAN IPs are 172.239.239.x/27 (255.255.255.224)
>
> These are my rules, which are apparently not working.
> I created virtual interfaces on eth1, one for each DNAT'ed IP.
>
> What am I missing? Forget about normal tables stuff, I only want this
> machine to do DNAT.
>
> Thx,
>
>
> INET_IP="172.25.239.208"
> INET_IFACE="eth1"
> INET_BROADCAST="172.25.239.223"
> LAN_IP="11.0.0.1"
> LAN_IP_RANGE="11.0.0.0/24"
> LAN_IFACE="eth0"
> LO_IFACE="lo"
> LO_IP="127.0.0.1"
> IPTABLES="/sbin/iptables"
> echo "1" > /proc/sys/net/ipv4/ip_forward
> $IPTABLES --flush
> $IPTABLES --table nat --flush
> $IPTABLES --delete-chain
> $IPTABLES --table nat --delete-chain
> $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
> $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
> $IPTABLES -t nat -A PREROUTING -d 172.25.239.220/255.255.255.224 -j DNAT --to 11.0.0.9
Now that I look at it while awake :-), that last rule looks a bit
strange. Do you mean -d 172.25.239.220/255.255.255.255 or
172.25.239.192/255.255.255.224?
I believe iptables is looking for the base address of the network when
used with a subnet mask and not the node address.
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
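
Added example, not part of the original message: a small shell check of which addresses each of the three -d spellings discussed above covers, and whether the range includes INET_IP from the quoted script. It assumes the address is ANDed with the netmask before matching; the helper function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): show what an iptables
# "-d ADDRESS/NETMASK" argument covers once the mask is applied.
# Assumption: the address is ANDed with the netmask before matching.

ip_to_int() {            # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {            # 32-bit integer -> A.B.C.D
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

net_base() {             # ADDR/MASK -> first address covered
    a=$(ip_to_int "${1%/*}"); m=$(ip_to_int "${1#*/}")
    int_to_ip $(( $a & $m ))
}

net_last() {             # ADDR/MASK -> last address covered
    a=$(ip_to_int "${1%/*}"); m=$(ip_to_int "${1#*/}")
    int_to_ip $(( ($a & $m) | (~$m & 0xFFFFFFFF) ))
}

has_host_bits() {        # ADDR/MASK -> true if ADDR has bits set outside MASK
    a=$(ip_to_int "${1%/*}"); m=$(ip_to_int "${1#*/}")
    [ $(( $a & ~$m & 0xFFFFFFFF )) -ne 0 ]
}

in_net() {               # IP ADDR/MASK -> true if IP falls inside the range
    i=$(ip_to_int "$1"); a=$(ip_to_int "${2%/*}"); m=$(ip_to_int "${2#*/}")
    [ $(( $i & $m )) -eq $(( $a & $m )) ]
}

INET_IP="172.25.239.208"     # value from the quoted script
for spec in 172.25.239.220/255.255.255.224 \
            172.25.239.220/255.255.255.255 \
            172.25.239.192/255.255.255.224; do
    note=""
    if has_host_bits "$spec"; then note=" [host bits set]"; fi
    if in_net "$INET_IP" "$spec"; then note="$note [covers INET_IP $INET_IP]"; fi
    echo "$spec -> $(net_base "$spec") - $(net_last "$spec")$note"
done
```

Listing the loaded rule with iptables -t nat -L PREROUTING -n shows the destination the kernel is actually matching on.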