From: Mogens Kjaer <mk@crc.dk>
To: "Netfilter (E-mail)" <netfilter@lists.netfilter.org>
Subject: NAT with two external IP numbers
Date: Thu, 16 Nov 2006 13:37:14 +0100
Message-ID: <455C5B7A.5040702@crc.dk>

I'm trying to solve a problem:

We have now:

Internal network: 172.20.0.0/16
External network: 130.226.184.38

This works without problems running a Linux
box with iptables and MASQUERADING

The problem is, that due to a license agreement
(online journal access), some of our users on
the 172.20.0.0 network must have access, and some
don't.

My idea was:

Give the Linux box two IP numbers externally,
e.g. 130.226.184.38 and 130.226.184.39, register
130.226.184.38 with the journal, change the
internal IP numbers so that:

172.20.0.0/17 has access
172.20.128.0/17 does not have access

So I want 172.20.0.1 - 172.20.127.255 to be
masqueraded as 130.226.184.38 externally,
and 172.20.128.0 - 172.20.255.254 to be
masqueraded as 130.226.184.39

I've tried adding two IP numbers externally:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:02:55:11:EF:03
          inet addr:130.226.184.38  Bcast:130.226.184.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1774 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2543 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:298539 (291.5 KiB)  TX bytes:237100 (231.5 KiB)

eth0:1    Link encap:Ethernet  HWaddr 00:02:55:11:EF:03
          inet addr:130.226.184.39  Bcast:130.226.184.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

and use the following when setting up masquerading:

/sbin/iptables -t nat -A POSTROUTING -s 172.20.0.0/17 -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 172.20.128.0/17 -o eth0:1 -j MASQUERADE

but it doesn't work. Packages coming from 172.20.128.0 addresses
do not get their source address changed, e.g. if I ping another
machine on the 130.226.184.x network from the 172.20.128.x network,
the machine will receive packets with a 172.20.128.x from address,
not 130.226.184.39

How do I solve this problem?

Mogens

--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: mk@crc.dk Homepage: http://www.crc.dk
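
Added example, not part of the original post: netfilter matches -o against the real device name, so an alias label such as eth0:1 never matches, and MASQUERADE takes its address from the outgoing interface instead of letting the rule choose one. One way to pin each subnet to a fixed external address is SNAT with --to-source on eth0; the script below prints those rules for the two /17 ranges from the post and checks which external address a given internal host would get (the function names and the MAP variable are this example's own).

```sh
#!/bin/sh
# Added example, not from the original post. Prints SNAT rules; applies nothing.
EXT_IF=eth0   # real device name; "-o eth0:1" names an alias label and never matches

# internal subnet=external source address (values taken from the post)
MAP="172.20.0.0/17=130.226.184.38
172.20.128.0/17=130.226.184.39"

ip2int() {    # dotted quad -> integer
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {   # in_cidr ADDR NET/LEN: true when ADDR lies inside NET/LEN
    _addr=$(ip2int "$1"); _net=$(ip2int "${2%/*}"); _len=${2#*/}
    _mask=$(( (0xFFFFFFFF << (32 - $_len)) & 0xFFFFFFFF ))
    [ $(( $_addr & $_mask )) -eq $(( $_net & $_mask )) ]
}

snat_for() {  # print the external address the first matching rule selects
    for _e in $MAP; do
        if in_cidr "$1" "${_e%=*}"; then echo "${_e#*=}"; return 0; fi
    done
    return 1  # no rule matches: the packet keeps its private source address
}

print_rules() {  # one POSTROUTING rule per subnet, all on the real device
    for _e in $MAP; do
        echo "/sbin/iptables -t nat -A POSTROUTING -s ${_e%=*} -o $EXT_IF -j SNAT --to-source ${_e#*=}"
    done
}

print_rules   # review the output, then run it as root on the NAT box
```

The second address still has to be configured on eth0, as the eth0:1 alias in the post already does, so that replies to 130.226.184.39 reach the box.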