[CentOS] SNAT question

Peter Peltonen peter.peltonen at gmail.com
Mon Nov 23 14:10:55 UTC 2009


Hi,

I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables.

I have the following setup:

eth0: connects to internet with static public IP 1.2.3.1 (obscured
here for privacy)
eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for privacy)
eth2: connects to LAN with static private IP 192.168.0.1

Traffic to hosts in the DMZ/Internet through eth0/1 work fine.

I tried masqueradig the LAN with following:

ptables -A FORWARD -i eth2 -j ACCEPT
iptables -A FORWARD -o eth2 -j ACCEPT
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT
--to-source 1.2.3.1

After this I can ssh to a server in the Internet from the LAN using
the server's IP address but not its name. The w command on the server
tells me that my address has not been masqueraded (its 192.168.0.2,
the LAN client's private IP).

What am I doing wrong?

Best,
Peter


More information about the CentOS mailing list