[CentOS] SNAT question

Peter Peltonen peter.peltonen at gmail.com
Mon Nov 23 14:10:55 UTC 2009


I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables.

I have the following setup:

eth0: connects to internet with static public IP (obscured here for privacy)
eth1: connects to DMZ with static public IP (obscured here for privacy)
eth2: connects to LAN with static private IP

Traffic to hosts in the DMZ/Internet through eth0/1 works fine.

I tried masquerading the LAN with the following:

iptables -A FORWARD -i eth2 -j ACCEPT
iptables -A FORWARD -o eth2 -j ACCEPT
iptables -A POSTROUTING -t nat -s -o eth0 -j SNAT

After this I can ssh to a server in the Internet from the LAN using
the server's IP address but not its name. The w command on the server
tells me that my address has not been masqueraded (its,
the LAN client's private IP).

What am I doing wrong?


