On 11/30/06, John Clarke <[EMAIL PROTECTED]> wrote:
> On Thu, Nov 30, 2006 at 03:03:13 +1100, Scott Waller (Lots of Watts) wrote:
>
> > and I want to let all the computers on eth0 network to talk to an
> > internet connection on the 10.0.0.1 network, how would I use iptables
> > and/or NAT to make this happen?
>
> Make sure that all the computers on eth0 have 192.168.0.1 as their
> default gateway and then something like this should do the trick:
>
>     # accept all packets that are part of an existing connection
>     iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>     # forward anything from eth0 to eth1
>     iptables -A FORWARD -s 192.168.0.0/24 -i eth0 -o eth1 -m state --state NEW -j ACCEPT
>
>     # masquerade anything forwarded from eth0 to eth1
>     iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE

Might be a silly question, but why NAT the 192 -> 10 network, as it's very
likely a device is already doing that on the 10 network to the internet?

Basically, why would you want to double NAT? Maybe we should just set up
some sort of route to get this traffic out to the net via the NAT device on
the 10 network?

Thanks

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
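
The two approaches discussed in this thread, side by side, as an added example that is not part of either message: a small shell function that prints the commands for the masquerading gateway or for the routed (single NAT) alternative so they can be reviewed before being run as root. The network and interface names come from the thread; the `ip_forward` sysctl line, the return-route line and the `<this-gateway-eth1-address>` placeholder are assumptions, since the thread never gives this gateway's eth1 address.

```shell
#!/bin/sh
# Added example, not code from the thread.
# From the thread: LAN 192.168.0.0/24 on eth0, uplink on eth1.
# Assumption: GW_WAN_ADDR is a placeholder; the thread does not give it.
LAN_NET="192.168.0.0/24"
LAN_IF="eth0"
WAN_IF="eth1"
GW_WAN_ADDR="<this-gateway-eth1-address>"

# gateway_rules MODE
#   nat    - masquerade on this box (double NAT if the 10.x device also NATs)
#   routed - forward only; the 10.x device does the one and only NAT
gateway_rules() {
    mode="$1"
    case "$mode" in
        nat|routed) ;;
        *) echo "usage: gateway_rules nat|routed" >&2; return 2 ;;
    esac

    # Both modes: the kernel must be allowed to forward between interfaces.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Both modes: the stateful FORWARD rules from the quoted reply.
    echo "iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $LAN_NET -i $LAN_IF -o $WAN_IF -m state --state NEW -j ACCEPT"

    if [ "$mode" = "nat" ]; then
        # Hides the LAN behind this box's eth1 address.
        echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    else
        # No NAT here, so LAN source addresses reach the 10.x device unchanged.
        # That device needs a return route and must NAT 192.168.0.0/24 itself.
        echo "# on the 10.x NAT device: ip route add $LAN_NET via $GW_WAN_ADDR"
    fi
}

# Print the chosen variant when the script is run with an argument.
if [ $# -gt 0 ]; then
    gateway_rules "$1"
fi
```

In routed mode the upstream device's logs and filters see the real 192.168.0.x source addresses, which is lost when this gateway masquerades.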
