Re: Static NAT w/ iptables problem
> What is the value of /proc/sys/net/ipv4/ip_forward ? You either have
> to set "ip_forward=yes" in /etc/network/options or do something like
> $ echo "1" > /proc/sys/net/ipv4/ip_forward
/proc/sys/net/ipv4/ip_forward is "1"
> If forwarding is already enabled then please send the output of
> "iptables -L -v -n". IMHO this is easier to read than shell-scripts
> written by other people.
> Regards,
> Philipp Schulte
I did change some settings:
a) I played with the rule some more, working with suggestions I received
here and elsewhere
b) I switched to using
ip addr add 10.80.137.1/24 brd 10.80.137.255 dev eth1 label eth1:0
for adding more IPs to eth1.
Some additional info as to how this problem came to pass:
We are part of a larger company (got purchased not too long ago). They
want to access some of our servers. They provided a line and the
10.80.137.0/24 subnet with the request to map the first server they
want to access to 10.80.137.1. My own internal network is 192.168.1.0/24,
so SNAT seemed to be the obvious solution.
If the NAT works I still need to configure some routing, but I think I can
do that on my own.
-------------------------------------
Netfilter/IPTABLES filter status:
-------------------------------------
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            192.168.1.195      state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
-------------------------------------
Netfilter/IPTABLES nat status:
-------------------------------------
Chain PREROUTING (policy DROP 19 packets, 2708 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   144 DNAT       all  --  eth1   *       0.0.0.0/0            10.80.137.1        to:192.168.1.195

Chain POSTROUTING (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth1    192.168.1.195        0.0.0.0/0          to:10.80.137.1

Chain OUTPUT (policy ACCEPT 2 packets, 168 bytes)
 pkts bytes target     prot opt in     out     source               destination
-------------------------------------
Routing table:
Ziel Router Genmask Flags Metric Ref Use Iface
172.16.28.48 * 255.255.255.248 U 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
10.80.137.0 * 255.255.255.0 U 0 0 0 eth1
---------------------------------------------------------------------------------
| Dipl. Inform. Markus Trümper | |
| | Daewoo Automobile Deutschland GmbH |
| email: m.truemper@daewoo-automobile.de | Lindenstraße 110 |
| www: http://www.daewoo-automobile.de | 28755 Bremen |
| Telefon: +49 (0)421 668-4138 | Germany |
| Fax: +49 (0)421 668-4192 | |
---------------------------------------------------------------------------------
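
Added example, not part of the original post: a simplified Python model that walks the first packet of a connection through the nat and filter chains as they appear in the listing above, to show which chain gives the verdict. The rule and route dictionaries are constructed from that listing; 10.80.137.50 is a hypothetical partner host, and state matching and the INPUT/OUTPUT chains are left out.

```python
import ipaddress

# Constructed model of the rules and routes listed in the post (simplified:
# interface/address matches only, every packet treated as state NEW).
NAT_PRE = {"policy": "DROP", "rules": [
    {"in": "eth1", "dst": "10.80.137.1", "target": "DNAT", "to": "192.168.1.195"}]}
FWD = {"policy": "DROP", "rules": [
    {"in": "eth1", "out": "eth0", "dst": "192.168.1.195", "target": "ACCEPT"},
    {"in": "eth0", "target": "ACCEPT"}]}
NAT_POST = {"policy": "DROP", "rules": [
    {"out": "eth1", "src": "192.168.1.195", "target": "SNAT", "to": "10.80.137.1"}]}
ROUTES = {"172.16.28.48/29": "eth1", "192.168.1.0/24": "eth0", "10.80.137.0/24": "eth1"}

def route(dst):
    """Outgoing interface for dst according to ROUTES, or None."""
    addr = ipaddress.ip_address(dst)
    return next((dev for net, dev in ROUTES.items()
                 if addr in ipaddress.ip_network(net)), None)

def run_chain(chain, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain["rules"]:
        if all(pkt.get(k) == rule[k] for k in ("in", "out", "src", "dst") if k in rule):
            return rule["target"], rule
    return chain["policy"], None

def trace(pkt):
    """Verdict per chain for the first packet of a forwarded connection."""
    pkt, steps = dict(pkt), []
    target, rule = run_chain(NAT_PRE, pkt)
    steps.append(("nat/PREROUTING", target))
    if target == "DROP":
        return steps
    if target == "DNAT":
        pkt["dst"] = rule["to"]           # destination rewritten before routing
    pkt["out"] = route(pkt["dst"])
    target, _ = run_chain(FWD, pkt)
    steps.append(("filter/FORWARD", target))
    if target == "DROP":
        return steps
    target, _ = run_chain(NAT_POST, pkt)
    steps.append(("nat/POSTROUTING", target))
    return steps

# 10.80.137.50 is a hypothetical host on the partner subnet.
INBOUND = {"in": "eth1", "src": "10.80.137.50", "dst": "10.80.137.1"}
OUTBOUND = {"in": "eth0", "src": "192.168.1.195", "dst": "10.80.137.50"}

if __name__ == "__main__":
    print(trace(INBOUND))
    print(trace(OUTBOUND))
```

In this model a packet that matches no rule in a nat chain receives that chain's DROP policy, so the inbound connection is dropped in nat/POSTROUTING (it leaves via eth0, which the SNAT rule does not match) and a connection opened by 192.168.1.195 is dropped in nat/PREROUTING.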