Hi, I think there is an understanding problem here.
Your question could be understood in 2 ways:

1. You want to view something on the Internet from 192.168.0.1 via
   203.16.16.1. You would need to use some sort of masquerading rule in
   your IPTABLES on 203.16.16.1.
   For example (assuming your eth1 is the interface pointing to the web):

   iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $IPWWW

   or

   iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

2. You want to provide a service (e.g. web server) on your internal
   machine, 192.168.0.1, and you have a live public IP address of say
   203.16.16.1. So people from the www will resolve a name, say
   www.webserver.com.au, to your live IP 203.16.16.1.
   You would need this rule to do a NAT (assuming your eth1 is the
   interface pointing to the web):

   iptables -t nat -A PREROUTING -i eth1 -p tcp -d 203.16.16.1 --dport 80 -j DNAT --to 192.168.0.1:80

   and of course your web server has to be able to answer to 192.168.0.1
   as well as www.webserver.com.au, and your default route of 192.168.0.1
   has to point to 203.16.16.1. Otherwise you will also need (assuming
   eth0 is pointing to your internal LAN):

   iptables -t nat -A POSTROUTING -o eth0 -p tcp -d 192.168.0.1 --dport 80 -j MASQUERADE

Hope this helps. No guarantees of course.

Bernhard

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of George Vieira
Sent: Friday, 28 December 2001 10:49
To: Sydney Linux Users Group (E-mail)
Subject: RE: [SLUG] IPROUTE2 and IPTABLES combination

but how do you SNAT a machine to a _different_ external IP address?

Internet
   |
   |
Linux FW (203.x.x.1)
   |
   |
WWW (192.168.0.1) goes out to internet as (203.x.x.2)

know what I mean, iptables doesn't have a syntax to do this does it???

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Jeffrey Borg [mailto:[EMAIL PROTECTED]]
Sent: Monday, 24 December 2001 9:40 PM
To: George Vieira
Cc: Sydney Linux Users Group (E-mail)
Subject: Re: [SLUG] IPROUTE2 and IPTABLES combination

I am doing this for every machine on my lan has a range of 200 ports on
the public ip which is useful for incoming connections to apps which can
be reconfigured for eg. realplayer, icq etc...

how about just putting a SNAT line in as well? and forget the iproute2
stuff.

On Mon, 24 Dec 2001, George Vieira wrote:

> hi all,
>
> Firstly - Merry Christmas to all,
>
> My question (for hopefully the rest of this year) is how do you use in
> conjunction with iptables to NAT a few servers out the internet with their
> public external IPs using iproute2 (so I've been told can do it) ?...
>
> $IPTABLES -t nat -A PREROUTING -i $EXTDEV -d 203.x.x.x.x -j DNAT
> --to-destination 192.168.0.1
>
> I have worked out the incoming using DNAT/IPTABLES (as above) but the
> outgoing and iproute2 has confused me or have I gotten things mixed up? I've
> been told that iproute2 has to do this... but some examples I've tried were
> total screw ups.
>
> thanks,
> George Vieira.
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug
>
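
Added example, not part of any message in this thread: a generator for the per-host mapping George asks about, pairing the DNAT rule with a source-matched SNAT rule placed ahead of the catch-all MASQUERADE. It only prints the commands. Assumptions: eth1 is the external interface as in Bernhard's reply, 203.0.113.2 is a constructed stand-in for the elided 203.x.x.2, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints (does not run) the rules for 1:1 NAT.
# Addresses are constructed samples; 203.0.113.2 stands in for 203.x.x.2.
EXTDEV=eth1   # interface facing the Internet, as assumed in the thread

# Succeeds if $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands mapping internal host $1 to public address $2.
one_to_one_nat() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad address: $1 $2" >&2; return 1; }
    # Assumption: the extra address sits on the firewall's external segment,
    # so the firewall has to hold it in order to answer ARP for it.
    echo "ip addr add $2/32 dev $EXTDEV"
    # Inbound: traffic for the public address goes to the internal host.
    echo "iptables -t nat -A PREROUTING -i $EXTDEV -d $2 -j DNAT --to-destination $1"
    # Outbound: only this host is rewritten to its own public address.
    echo "iptables -t nat -A POSTROUTING -o $EXTDEV -s $1 -j SNAT --to-source $2"
}

# Arguments are internal/public pairs. Per-host SNAT rules are appended
# before the catch-all MASQUERADE because the first matching rule wins.
nat_ruleset() {
    [ $(( $# % 2 )) -eq 0 ] || { echo "need internal/public pairs" >&2; return 1; }
    while [ "$#" -ge 2 ]; do
        one_to_one_nat "$1" "$2" || return 1
        shift 2
    done
    echo "iptables -t nat -A POSTROUTING -o $EXTDEV -j MASQUERADE"
}

nat_ruleset 192.168.0.1 203.0.113.2
```

Review the printed commands before piping them to a root shell; a DNAT rule with no port match exposes every port of the internal host, so the FORWARD chain still has to restrict what is allowed in.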
