[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: multiple outbound NAT

Op 08-01-15 om 14:36 schreef Bonno Bloksma:
> Hi Paul,
> 
>>> At one place I have a Debian wheezy machine that acts as router / firewall using iptables and default routing.
>>> I used to have just 1 ip number on the uplink interface. And a simple 
>>>   $IPTABLES --table nat -A POSTROUTING -o $WORLD_IF -j MASQUERADE line 
>>> in my firewall script sends all traffic out with that single ip addres via NAT.
>>>
>>> Due to several reasons I now have to use more than 1 outbound ip address to make clear from which internal segment the traffic is coming from.
>>> So traffic coming from 172.16.20.0/24 needs to use $WORLD_IP1 And 
>>> traffic coming from 172.16.22.0/24 needs to use $WORLD_IP2 And maybe 
>>> traffic coming from 172.16.24.0/23 needs to use $WORLD_IP3
>>>
>>> How do I configure something like that?
>>
>> Maybe by adding network aliases, and using SNAT in your firewall.
>>
>> See e.g. here:
>> http://stackoverflow.com/questions/18052116/iptables-postrouting-with-snat-for-a-paritcular-destination-ip
> 
> That article talks about a specific target whereas I want it for a specific source net. 

In the article he is changing the source IP, that's what you want.

With regards,
Paul van der Vlis.


-- 
Paul van der Vlis Linux systeembeheer, Groningen
http://www.vandervlis.nl/
Reply to: