[NTLUG:Discuss] How to masq a static IP with iptables?
Paul Ingendorf
pauldy at wantek.net
Thu Mar 7 20:52:21 CST 2002
Create an interface with the gateway IP of the gateway for the network the machine will be on, then create a default route from your Linux machine to that machine's subnet and allow MASQing through it.
Like so:
Your Gateway 192.168.0.1
Your Primary Interface eth0
New Machine's IP 10.0.0.2
New Machine's netmask
New Machine's Gateway 10.0.0.1
ifconfig eth0:1 10.0.0.1 netmask 255.0.0.0 broadcast 10.255.255.255
route -vF add -net 10.0.0.0 netmask 255.0.0.0 eth0
This should allow you to work everything like you're asking, and it will allow it to perform almost exactly the way it would at the client's site.
-----Original Message-----
From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org]On Behalf
Of Neil Aggarwal
Sent: Thursday, March 07, 2002 6:55 PM
To: NTLUG
Subject: [NTLUG:Discuss] How to masq a static IP with iptables?
Hello:
I have the following config:
DSL ----- Linux server ----- Hub ---- Multiple Internal machines
I have a static IP from the DSL Connection.
The Linux server is running dhcpd so it assigns internal
network numbers (192.168.1.x) to the internal machines.
It is also running masquerade so the internal machines
have Internet access. Here are the commands I used
to get the masquerade up:
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Everything works fine.
Now, I need to set up a machine with a static IP for a client.
Since I want to configure and test it before shipping it out
to them, I need to be able to set up the machine exactly as
it would be in their network yet test it when it is connected
to my internal network.
I think there should be a way to masquerade it, probably with
a NAT command, but after reading the HOWTOs, I am confused.
Do I need to do SNAT for packets coming from the machine
and DNAT for packets going to the machine?
I can't even begin to construct the iptables commands to accomplish
this.
Can anyone shed some light on this?
Thanks,
Neil.
--
Neil Aggarwal
JAMM Consulting, Inc. (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development Websites, Ecommerce, Java, databases
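
The setup discussed in this thread, written out as an added example that is not code from either poster: a dry-run planner that checks the addressing and prints the alias, forwarding and masquerade commands for a staging subnet. It uses iproute2 in place of ifconfig, and the function names, the eth1 internal interface, the source-scoped MASQUERADE rule and the FORWARD rules are assumptions of the example.

```sh
#!/bin/sh
# Added example: nothing runs unless APPLY=1; all names and addresses are assumptions.

# Dotted quad -> integer; rejects malformed octets.
ip2int() {
    echo "$1" | grep -Eq '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when address $1 lies inside network $2 with prefix length $3.
in_subnet() {
    a=$(ip2int "$1") && n=$(ip2int "$2") || return 1
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $a & $mask )) -eq $(( $n & $mask )) ]
}

# Args: LAN_IF WAN_IF GATEWAY_IP CLIENT_IP NETWORK PREFIXLEN. Prints the commands.
staging_plan() {
    lan=$1 wan=$2 gw=$3 host=$4 net=$5 plen=$6
    in_subnet "$gw" "$net" "$plen" || { echo "gateway $gw not in $net/$plen" >&2; return 2; }
    in_subnet "$host" "$net" "$plen" || { echo "client $host not in $net/$plen" >&2; return 2; }
    # The server alias takes the gateway address; giving it the client's own
    # address would put the same IP on two hosts.
    [ "$gw" != "$host" ] || { echo "alias would duplicate client IP $host" >&2; return 3; }
    # MASQUERADE is limited to the staging subnet; the FORWARD rules only
    # matter when the FORWARD policy is DROP.
    cat <<EOF
ip addr add $gw/$plen brd + dev $lan label $lan:1
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $net/$plen -o $wan -j MASQUERADE
iptables -A FORWARD -i $lan -s $net/$plen -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -d $net/$plen -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Dry run by default; APPLY=1 (as root) executes the plan line by line.
staging_apply() {
    plan=$(staging_plan "$@") || return
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$plan" | while read -r cmd; do $cmd || exit 1; done
    else
        echo "$plan"
    fi
}

# Values from the thread, with eth1 assumed as the internal interface.
staging_apply eth1 eth0 10.0.0.1 10.0.0.2 10.0.0.0 8
```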