netstat -nr
xxx.xxx.xxx.112  0.0.0.0          255.255.255.252  U   40 0 0 eth1 (External)
xxx.xxx.xxx.112  0.0.0.0          255.255.255.240  U   40 0 0 eth2 (DMZ)
10.0.0.0         0.0.0.0          255.0.0.0        U   40 0 0 eth0 (LAN)
127.0.0.0        0.0.0.0          255.0.0.0        U   40 0 0 lo
0.0.0.0          xxx.xxx.xxx.113  0.0.0.0          UG  40 0 0 eth1

I want to have a LAN machine visible on the Internet with a public IP, but all I can do is a NATed machine that is visible on the Internet with a public IP BUT which has access to the Internet via the gateway of the LAN instead of using its public IP... In fact I think I need a 2-way NAT.

----- Original Message -----
From: "Erdal MUTLU" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 26, 2002 2:46 PM
Subject: Re: Is my problem so hard ???

> > I have a eth0(LAN) with 10.0.0.0/24
> > a eth1(Internet) with 1.2.3.114/30
> > a eth2 (DMZ) with 1.2.3.126/28
> >
> > iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE
> >
> > iptables -A PREROUTING -t nat -d 1.2.3.118 -j DNAT --to 10.0.0.15
> >
> > I want to access the Internet with 1.2.3.114 and I want to have a machine which
> > is actually in my LAN to be accessible to the Internet via a public IP.
>
> Instead of
>
> iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE
>
> try
>
> iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 --jump SNAT --to-source 1.2.3.114
>
> This means packets going out from eth1 with source 10.0.0.0/24 will have
> source address of 1.2.3.114. Normally MASQUERADE should also work, but I have
> never used it.
>
> Can you also give the output from netstat -nr ?
>
> Best regards.
> Erdal MUTLU
>
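
Added example, not part of the original thread: a small Python model of first-match evaluation in the nat POSTROUTING chain, showing why 10.0.0.15 leaves as 1.2.3.114 under the rules quoted above and why the position of a host-specific SNAT rule matters. The host rule (10.0.0.15 to 1.2.3.118), the class and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class SnatRule:
    """Models: iptables -t nat ... POSTROUTING -s SRC -o IF -j SNAT --to-source TO"""
    src: str
    out_if: str
    to_source: str

    def matches(self, src_ip: str, out_if: str) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and out_if == self.out_if


def translated_source(chain, src_ip, out_if):
    """Source address of a NEW outbound connection after POSTROUTING.

    The first matching SNAT rule wins; later rules are never consulted.
    With no match the packet leaves with its original source address.
    Replies to inbound DNATed connections are not modelled here: conntrack
    reverses the DNAT for those without any POSTROUTING rule.
    """
    for rule in chain:
        if rule.matches(src_ip, out_if):
            return rule.to_source
    return src_ip


# Rule from the thread: the whole LAN leaves eth1 as 1.2.3.114.
LAN_RULE = SnatRule("10.0.0.0/24", "eth1", "1.2.3.114")
# Assumed host rule: connections started by 10.0.0.15 leave as 1.2.3.118.
HOST_RULE = SnatRule("10.0.0.15/32", "eth1", "1.2.3.118")

THREAD_CHAIN = [LAN_RULE]             # rules as posted
APPENDED = [LAN_RULE, HOST_RULE]      # host rule added with -A: shadowed
INSERTED = [HOST_RULE, LAN_RULE]      # host rule added with -I POSTROUTING 1

if __name__ == "__main__":
    for name, chain in (("thread", THREAD_CHAIN),
                        ("appended", APPENDED),
                        ("inserted", INSERTED)):
        print(name, "10.0.0.15 ->", translated_source(chain, "10.0.0.15", "eth1"))
```
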
