[NTLUG:Discuss] How to masq a static IP with iptables?

Neil Aggarwal neil at JAMMConsulting.com
Thu Mar 7 18:54:51 CST 2002


Hello:

I have the following config:

DSL -----  Linux server -----  Hub ----  Multiple Internal machines

I have a static IP from the DSL Connection.

The Linux server is running dhcpd so it assigns internal
network numbers (192.168.1.x) to the internal machines.
It is also running masquerade so the internal machines
have Internet access.  Here are the commands I used
to get the masquerade up:
	/sbin/modprobe ipt_MASQUERADE
      /sbin/modprobe ip_conntrack_ftp
      /sbin/modprobe ip_nat_ftp
      /sbin/iptables -F
      /sbin/iptables -t nat -F
      /sbin/iptables -t mangle -F
      /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Everything works fine.

Now, I need to set-up a machine with a static IP for a client.
Since I want to configure and test it before shipping it out
to them, I need to be able to set-up the machine exactly as
it would be in their network yet test it when it is connected
to my internal network.

I think there should be a way to masquerade it, probably with
a NAT command, but after reading the HOWTOs, I am confused.

Do I need to do SNAT for packets coming from the machine
and DNAT for packets going to of the machine?

I cant even begin to construct the iptables commands to accomplish
this.

Can anyone shed some light on this?

Thanks,
	Neil.

--
Neil Aggarwal
JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development    Websites, Ecommerce, Java, databases





More information about the Discuss mailing list