This is basically exactly what you want to do: http://www.linuxguruz.org/iptables/scripts/rc.DMZ.firewall.txt
- James > -----Original Message----- > From: Inaki Martinez [mailto:[EMAIL PROTECTED] > Sent: Monday, June 10, 2002 10:29 AM > To: Debian Firewall > Subject: About Iptables and Masquerade > > > Hello!!! > > > I have a Server (Firewall) with 3 interfaces: > > | A > | > +--+--+ > B | | C > ---+ +---- > | | > +-----+ > > A = External IP (Valid Internet IP) eth0 > B = External IP (Another Network Valid Internet IP) eth1 > C = Local IP 192.168.1.1 eth2 > > NOTE: Forward is active and PCs and Servers in B Network work OK. > > > How do i Masquerade the C Network???? > > I need to connect to internet from a PC in the C Network > (192.168.1.2) From a PC in C Network can see PCs in B > network, but no internet PCs. > > > The IPTables Howto writes: > > > Masquerading > There is a specialized case of Source NAT called > masquerading: it should only be used for dynamically-assigned > IP addresses, such as standard dialups (for static IP > addresses, use SNAT above). > > > So i MUST use SNAT.... OK........ > > > # iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to External IP (A) > > I think this is NOT correct... in my case..... > > > I am a bit lost...... could any help me?????? > > > Thanks in advance. > > > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
