I have a setup which is confusing me regarding SNAT.
Basically the network looks like:

        ------------
        | Firewall |
        ------------
             |
             |
         ----------
         | Router |-------------> Internet
         ----------
            |||
            |||
    ------------------------------------------
    | Customers on 192.168.17.0/24 addresses |
    ------------------------------------------
Customers trying to connect to services on the internet send traffic to the router which forwards it to the firewall box. The firewall box then needs to NAT these packets and send them back out the same interface to the router. The router then will send these packets (now with source address of the firewall) out to the internet.
How do you do this? Is it possible?
I was thinking of having a POSTROUTING rule like:

    $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.17.0/24 \
        -j SNAT --to-source $INET_IPADDR

And then two FORWARD rules like:

    $IPTABLES -A FORWARD -i eth0 -o eth0 -s 192.168.17.0/24 -j ACCEPT
    $IPTABLES -A FORWARD -i eth0 -o eth0 -d 192.168.17.0/24 -j ACCEPT

Notice that the in interface and the out interface are both eth0. I am confused about this. Can you even have a rule on the FORWARD chain which goes in and out the same interface?
If anyone can enlighten me I would be grateful.
Regards,
Mark.
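An added example, not part of Mark's post, showing one way the rules he sketches could be put together on the firewall as a one-armed (hairpin) SNAT; it assumes eth0 as the single interface, the 192.168.17.0/24 customer network, a placeholder 203.0.113.10 standing in for INET_IPADDR, and a dry run by default so the resulting commands can be reviewed before anything is applied:

```shell
#!/bin/sh
# Added example (not from the original post): one-armed SNAT on a Linux
# firewall where customer traffic enters and leaves the same interface.
# Assumptions: outside interface eth0, customer net 192.168.17.0/24, and
# INET_IPADDR is the firewall's own address on eth0 (placeholder value).

IFACE="${IFACE:-eth0}"
CUSTOMER_NET="${CUSTOMER_NET:-192.168.17.0/24}"
INET_IPADDR="${INET_IPADDR:-203.0.113.10}"   # placeholder, documentation range

# hairpin_snat_rules RUNNER
#   RUNNER is "" to apply for real, or "echo" to print the commands instead.
hairpin_snat_rules() {
    run="$1"

    # Forwarding must be on. With in and out both on $IFACE the kernel would
    # also send ICMP redirects telling the router to bypass us; switch that off.
    $run sysctl -w net.ipv4.ip_forward=1
    $run sysctl -w "net.ipv4.conf.$IFACE.send_redirects=0"

    # Default deny for forwarded traffic. Replies are admitted by conntrack
    # state instead of by address, which also covers the de-NATed returns that
    # come back from the router to $INET_IPADDR.
    $run iptables -P FORWARD DROP
    $run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Same interface in and out is a legal FORWARD match; restrict new flows
    # to the customer subnet so only they may hairpin through the box.
    $run iptables -A FORWARD -i "$IFACE" -o "$IFACE" -s "$CUSTOMER_NET" \
        -m conntrack --ctstate NEW -j ACCEPT

    # Rewrite the source so the router sees the firewall's address leaving.
    $run iptables -t nat -A POSTROUTING -o "$IFACE" -s "$CUSTOMER_NET" \
        -j SNAT --to-source "$INET_IPADDR"
}

# count_rules: number of commands the function would issue (dry run).
count_rules() {
    hairpin_snat_rules echo | wc -l | tr -d ' '
}

if [ "${1:-}" = "--apply" ]; then
    hairpin_snat_rules ""      # requires root and iptables on the firewall
else
    hairpin_snat_rules echo    # dry run: print what would be configured
fi
```

Run with `--apply` on the firewall itself; without it the script only prints the plan.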

