[CentOS] SNAT
Agile Aspect
agile.aspect at gmail.com
Mon Jan 11 00:18:07 UTC 2010
On Sun, Jan 10, 2010 at 6:33 AM, David Hláčik <david at hlacik.eu> wrote:
> Hello I will briefly draw the situation
>
> Router with one interface eth0 , to local network 10.123.0.0/16
>
> on a local network ADSL modem with IP 10.123.10.11
>
> I want to use 10.123.10.11 as a connection to internet .
>
> Because of that I have created default route "ip route add default via
> 10.123.10.11 dev eth0"
>
> I do not want my ADSL modem to do NATing , since it shows to be slow.
> I have configured static route on ADSL modem "10.123.0.0/16 via
> 10.123.10.11" which ensures traffic comming from internet will ge to
> my router.
>
> Now i want to configure NATTING. My concern is, how to create iptables
> rule which will match only the traffic going via 10.123.10.11 and only
> for this will make SNAT.
> If I will do iptables -A POSTROUTING -o eth0 --j SNAT --to-source
> 213.194.242.198 this will not work . I need to add there a magic words
> that only traffic going via 10.123.10.11 should be SNATted.
Unless the machine running iptables has a NIC with a IP address of
213.194.242.198 I don't believe it's possible with ipchains.
The MODEM is the interface between 213.x and 10.y networks.
If you created a DMZ by moving your LAN to say the 192.z network (or a
different 10.y network) then you should be able to get it work with 2
NICS in the ipchain machine.
In this case, you would route between the 10 network and the 192
network with 2 NICs and SNAT the 10 network.
The WAN would be the 213.x network, the DMZ would be 10.y, and the LAN
would be the 192.z network.
--
Enjoy global warming while it lasts.
More information about the CentOS
mailing list