Re: problem with iptables nat
On Wed, 18/05/2005 at 15.42 +0200, Guenter.Sprakties@team4.de
wrote:
>
[...]
> There are two interfaces:
>
> eth0 Protokoll:Ethernet Hardware Adresse 00:02:1E:F1:AA:32
> inet Adresse:172.31.27.1 Bcast:172.31.31.255 Maske:255.255.248.0
> inet6 Adresse: fe80::202:1eff:fef1:aa32/64 Gültigkeitsbereich:Verbindung
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> eth1 Protokoll:Ethernet Hardware Adresse 00:01:02:04:C2:55
> inet Adresse:192.168.2.1 Bcast:192.168.2.255 Maske:255.255.255.0
> inet6 Adresse: fe80::201:2ff:fe04:c255/64 Gültigkeitsbereich:Verbindung
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
[...]
> Think of the 172.31.. network as intranet and the 192.168.. net/machine
> as dmz. We like to get the 192.168.2.20 ip natted to 172.31.27.20 from
> the intranet; that means that we can ping 172.31.27.20 from
> 172.31.27.10, the ping arrived as 192.168.2.20 and the return package
> arrived again as 172.31.27.20. When we take the NAT HOW-TO, we
> construct the following rules:
> # NAT
> #
> iptables -t nat -A POSTROUTING -s 192.168.2.20 -o eth0 -j SNAT --to 172.31.27.20
> iptables -t nat -A PREROUTING -i eth1 -d 172.31.27.20 -j DNAT --to 192.168.2.20
>
> The nat tables look like this:
>
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DNAT all -- anywhere 172.31.27.20 to:192.168.2.20
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> SNAT all -- 192.168.2.20 anywhere to:172.31.27.20
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Didn't work, we see no packages in /var/logs/messages.
>
> Like I said before, standard kernel. What's wrong?
IP Address 172.31.27.20 isn't claimed by any interface and is in the
same network of the interface that can claim it. And no special routing
rule is in effect. Try setting an alias on eth0.
Ciao,
Gian Piero.
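
An added example, not part of the original message: a Python check of the situation the reply describes, using the interface addresses and the DNAT rule quoted above as constructed input. It reports a DNAT destination that is on-link for an interface but not assigned to it (so nothing answers ARP for it) and, as a check beyond what the thread raises, a `-i` match naming a different interface from the one where that address is on-link. The function and field names are hypothetical.

```python
import ipaddress

# Constructed input, taken from the interface listing and the DNAT rule quoted above.
INTERFACES = {
    "eth0": ["172.31.27.1/255.255.248.0"],
    "eth1": ["192.168.2.1/255.255.255.0"],
}
DNAT_RULE = {"in_iface": "eth1", "dest": "172.31.27.20", "to": "192.168.2.20"}


def check_dnat(rule, interfaces):
    """Return findings for one DNAT rule as (kind, interface) tuples."""
    dest = ipaddress.ip_address(rule["dest"])
    claimed = False   # some interface has the address assigned
    onlink = None     # interface whose subnet contains the address
    for name, addrs in interfaces.items():
        for text in addrs:
            ifc = ipaddress.ip_interface(text)
            if ifc.ip == dest:
                claimed = True
            if dest in ifc.network:
                onlink = name
    findings = []
    # Neighbours ARP for an on-link address; if no interface owns it, nobody replies.
    if onlink and not claimed:
        findings.append(("unclaimed", onlink))
    # Packets for the address arrive on the on-link interface, so -i must match it.
    if onlink and rule.get("in_iface") not in (None, onlink):
        findings.append(("in_iface_mismatch", onlink))
    return findings


def with_alias(interfaces, iface, address):
    """Copy of the interface table with one more address on iface."""
    out = {k: list(v) for k, v in interfaces.items()}
    out[iface].append(address)
    return out


if __name__ == "__main__":
    print(check_dnat(DNAT_RULE, INTERFACES))
    aliased = with_alias(INTERFACES, "eth0", "172.31.27.20/255.255.248.0")
    print(check_dnat(DNAT_RULE, aliased))
```
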