agile.aspect at gmail.com
Mon Jan 11 00:18:07 UTC 2010
On Sun, Jan 10, 2010 at 6:33 AM, David Hláčik <david at hlacik.eu> wrote:
> Hello I will briefly draw the situation
> Router with one interface eth0 , to local network 10.123.0.0/16
> on a local network ADSL modem with IP 10.123.10.11
> I want to use 10.123.10.11 as a connection to internet .
> Because of that I have created default route "ip route add default via
> 10.123.10.11 dev eth0"
> I do not want my ADSL modem to do NATing , since it shows to be slow.
> I have configured static route on ADSL modem "10.123.0.0/16 via
> 10.123.10.11" which ensures traffic comming from internet will ge to
> my router.
> Now i want to configure NATTING. My concern is, how to create iptables
> rule which will match only the traffic going via 10.123.10.11 and only
> for this will make SNAT.
> If I will do iptables -A POSTROUTING -o eth0 --j SNAT --to-source
> 126.96.36.199 this will not work . I need to add there a magic words
> that only traffic going via 10.123.10.11 should be SNATted.
Unless the machine running iptables has a NIC with a IP address of
188.8.131.52 I don't believe it's possible with ipchains.
The MODEM is the interface between 213.x and 10.y networks.
If you created a DMZ by moving your LAN to say the 192.z network (or a
different 10.y network) then you should be able to get it work with 2
NICS in the ipchain machine.
In this case, you would route between the 10 network and the 192
network with 2 NICs and SNAT the 10 network.
The WAN would be the 213.x network, the DMZ would be 10.y, and the LAN
would be the 192.z network.
Enjoy global warming while it lasts.
More information about the CentOS