At 12:55 PM 12/19/2005, Bryan J. Smith wrote:
Robert Moskowitz rgm@htt-consult.com wrote:
Well I think this system is back on 3.5. How do I tell? Have not used it in a while...
cat /etc/redhat-release
thanks
I need a NAT for some quick testing and this box was available. Only a 6gb drive, so I can't install Astaro (which I have licenses for). So is there a simple way to turn on NATing? Should I upgrade to 4.2?
Why would you upgrade to 4.2? NetFilter and the IPTables interface have changed little since 2.4.
Good. Just did not know if things were improved enough to warrant it.
E.g., given a private network of 172.31/16, and an Internet-facing interface of eth2:
/sbin/iptables -A POSTROUTING -t nat -s 172.31.0.0/255.255.0.0 -o eth2 -j MASQUERADE
echo "1" >> /proc/sys/net/ipv4/ip_forward
This also assumes you already have existing iptables rules regarding ESTABLISHED,RELATED states and other firewall rules.
I suspect not. When I installed this system I turned off the Linux firewall feature.
This box is behind a firewall, so security risks are not the issue. This time.
Is your firewall also doing NAT+PAT? If so, then I don't recommend 2 layers of NAT+PAT -- especially not on a corporate network.
First off, let me introduce myself. Go take a look at RFC 1918 and look for the name 'Moskowitz'. Also RFCs 2401 - 2412. Yeah, I am the one that set up the 'environment' to make NATs a fact of life. Well, actually ROAD imploded and we were left with no real alternative...
No I have public addresses. So one interface is in 65.84.78/24 and the other is set up as 192.168.192.0/28
But I will be putting a NAT behind it! You see, I want to replicate one of my production networks, maintaining the IP address scheme, and still allow the servers to get updates through the double NATing.
I quite know what I am doing on Network Architecture. But I am an architect/researcher, and have not spent the time learning my Unix stuff. In fact I have forgotten most of what I knew back in '93 when I was supporting SUN/386 stuff.
-- Bryan J. Smith b.j.smith@ieee.org http://thebs413.blogspot.com
Also see IEEE 802.11i
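
The MASQUERADE one-liner in the thread assumes stateful ESTABLISHED,RELATED rules are already in place, which is not the case on a box where the firewall was turned off at install. The following is an added example, not part of the original thread: a small script that validates its inputs and prints the MASQUERADE rule together with a minimal stateful FORWARD rule set. The inside interface eth1, the default-drop FORWARD policy and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit (or apply) a minimal NAT gateway rule set.
# Assumptions: inside interface name, default-drop FORWARD policy, helper names.

# Accept only plain interface names and dotted-quad CIDR, so nothing
# unexpected is ever interpolated into an iptables command line.
valid_if()   { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1;; esac; }
valid_cidr() { printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; }

# nat_rules LAN_CIDR WAN_IF LAN_IF -> prints one command per line.
# 172.31.0.0/16 is the same network as 172.31.0.0/255.255.0.0 in the thread.
nat_rules() {
    lan="$1"; wan="$2"; inside="$3"
    valid_cidr "$lan" && valid_if "$wan" && valid_if "$inside" || return 1
    cat <<EOF
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $inside -o $wan -s $lan -m state --state NEW -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s $lan -o $wan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Default is to do nothing; run as root with
#   --apply LAN_CIDR WAN_IF LAN_IF
# to execute the generated commands, stopping at the first failure.
if [ "${1:-}" = "--apply" ]; then
    rules=$(nat_rules "$2" "$3" "$4") || { echo "bad arguments" >&2; exit 2; }
    printf '%s\n' "$rules" | sh -e
fi
```

Only replies to connections opened from the inside network are forwarded back in; everything else crossing the box is dropped by the FORWARD policy.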