From: Mogens Kjaer <mk@crc.dk>
To: "Netfilter (E-mail)" <netfilter@lists.netfilter.org>
Subject: Re: NAT with two external IP numbers
Date: Fri, 17 Nov 2006 08:24:44 +0100 [thread overview]
Message-ID: <455D63BC.8090703@crc.dk> (raw)
In-Reply-To: <7e67d4983f901ba3347a12c19f4fe4ce@former03.de>
former03 | Baltasar Cevc wrote:
> Hi Mogens,
>
>> Give the linux box two IP numbers externally,
>> e.g. 130.226.184.38 and 130.226.184.39, register
>> 130.226.184.38 with the journal, change the
>> internal IP numbers so that:
>>
> > [...]
>>
>> /sbin/iptables -t nat -A POSTROUTING -s 172.20.0.0/17 -o eth0 -j
>> MASQUERADE
>> /sbin/iptables -t nat -A POSTROUTING -s 172.20.128.0/17 -o eth0:1 -j
>> MASQUERADE
>
> eth0:1 is not a real interface so no packets can go out there. It would be
> good if iptables would throw an error, but probably it's hard for the
> software
> to tell what are 'real' interfaces.
>
> You must use the SNAT target to achieve what you want:
> /sbin/iptables -t nat -A POSTROUTING -s 172.20.0.0/17 -o eth0 -j SNAT
> --to 130.226.184.38
> /sbin/iptables -t nat -A POSTROUTING -s 172.20.128.0/17 -o eth0 -j SNAT
> --to 130.226.184.39
Thanks! It works.
iptables did give me a warning about eth0:1, but an "iptables -t nat -L"
did show that the command was accepted.
Mogens
--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: mk@crc.dk Homepage: http://www.crc.dk
prev parent reply other threads:[~2006-11-17 7:24 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-16 12:37 NAT with two external IP numbers Mogens Kjaer
2006-11-16 16:32 ` former03 | Baltasar Cevc
2006-11-17 7:24 ` Mogens Kjaer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=455D63BC.8090703@crc.dk \
--to=mk@crc.dk \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox