I've been trying to solve this issue for some time. I posted to the list
back in June about the same problem. I still haven't figured out my
solution yet. The answer that was given didn't work out for me.
I guess I can draw an ASCII picture of what I have and want
 __________                  __________         __________________
|          | ---- ip 1 ---- |          |       | Internal network
| internet |                | FW/Router| ----- |
|__________| ---- ip 2 ---- |__________|       |_________________
                                                        |
                                                        |
                                               ___-------------___
                                               |                 |
                                               |                 |
                                          workstations         server
Sorry if the picture is bad.. I am not an ASCII pro.
Anyways.
I have a firewall/router box with three interfaces eth0, eth1, eth2
eth2 is internal (private ip, 192.x.x.x)
eth0 is external (public ip)
eth1 is external (public ip)
I have a hub on eth2 that plugs the whole network together (internal
net).
I have eth0 using SNAT to allow the workstations out on one ip. So
every workstation on the network can go out onto the internet.
I am trying to have the server on the internal network use the external
ip that eth1 has when it pushes traffic out, as well as when it receives
traffic (since it's a server: http, etc.).
I have tried several rules, but went back to the very basic rules to
try to get this working again. Basically I have these rules, which allow
eth2's workstations to use eth0's ip. I need to somehow write SNAT and
DNAT rules to get eth2's server to use eth1's ip.
Can anyone help me out?
Thanks in advance,
Nicolas Gosselin
Here are the rules that I have for eth2's workstations to use eth0's ip.
(yes these were taken from a howto)
$EXTIFONE is equal to "eth0"
$EXTIFTWO would be equal to "eth1"
and $INTIF is "eth2"
---
flush rules here
----
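# Let replies to connections opened from the inside back in.
$IPTABLES -A FORWARD -i $EXTIFONE -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Let the internal network open connections out through eth0.
$IPTABLES -A FORWARD -i $INTIF -o $EXTIFONE -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIFONE"
# Rewrite the source of everything leaving eth0 to eth0's public address.
$IPTABLES -t nat -A POSTROUTING -o $EXTIFONE -s $INTNET -j SNAT --to-source $EXTIPONE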
---
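
Added example, not part of the original post and not taken from the list or a HOWTO: one way to express the setup asked for above, with the server leaving and being reached through eth1's address. The addresses, the port list, the routing table number and the function name are constructed placeholders, and the policy-routing step assumes eth1 has its own upstream gateway.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them, so they can be
# reviewed first and then piped to "sh" as root on the firewall.
IPTABLES=${IPTABLES:-iptables}
EXTIFTWO="eth1"            # second external interface (named in the post)
INTIF="eth2"               # internal interface (named in the post)
EXTIPTWO="203.0.113.2"     # constructed placeholder: public IP on eth1
EXTGWTWO="203.0.113.1"     # constructed placeholder: upstream gateway on eth1
SERVERIP="192.168.0.10"    # constructed placeholder: the internal server
SERVERPORTS="80"           # TCP ports to expose; the post names only http
RTTABLE="200"              # arbitrary unused routing table number

server_rules() {
    # Policy routing: packets sourced from the server leave through eth1.
    # Without this they follow the main default route and are caught by
    # the existing "-o eth0" SNAT rule instead.
    echo "ip route add default via $EXTGWTWO dev $EXTIFTWO table $RTTABLE"
    echo "ip rule add from $SERVERIP table $RTTABLE"

    # Outbound: the server's connections appear to come from eth1's address.
    echo "$IPTABLES -t nat -A POSTROUTING -o $EXTIFTWO -s $SERVERIP -j SNAT --to-source $EXTIPTWO"
    echo "$IPTABLES -A FORWARD -i $INTIF -o $EXTIFTWO -s $SERVERIP -j ACCEPT"
    echo "$IPTABLES -A FORWARD -i $EXTIFTWO -o $INTIF -d $SERVERIP -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Inbound: only the listed ports are translated and forwarded, so the
    # rest of the server stays unreachable from the outside.
    for port in $SERVERPORTS; do
        echo "$IPTABLES -t nat -A PREROUTING -i $EXTIFTWO -d $EXTIPTWO -p tcp --dport $port -j DNAT --to-destination $SERVERIP"
        echo "$IPTABLES -A FORWARD -i $EXTIFTWO -o $INTIF -d $SERVERIP -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
}

server_rules
```

The DNAT rules are per port on purpose: translating every packet addressed to eth1's IP would expose every service listening on the server.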