Tue, 17 Jul 2001 14:07:51 -0400
This is a little script we use to add nat entries.
Public IP range 111.222.333.32-63 (255.255.255.224)
Address of Firewall outside interface: 192.168.1.2
Private IP range 10.1.0.0/16
It's sort of a weird setup in that the public IP addresses are routed
through the firewall and the interface of the firewall does not specifically
have a public address. Instead, everything is done through NAT. (It wasn't
my decision to route it that way; I just had to configure the firewall.)
I hope this script helps. This script is coupled with a separate script for
our firewall rules. This just does our NAT.
-- start script --
#!/bin/sh
# Small lil' script to do nat.
# Usage: new_nat <private address> <public address>
new_nat() {
    if [ $# -lt 2 ]; then
        echo "$0: Not enough parameters"
        return 1
    fi
    INADDR=$1
    OUTADDR=$2
    # Inbound: packets for the public address are rewritten to the private host
    /sbin/iptables -t nat -A PREROUTING -d "$OUTADDR" -j DNAT --to "$INADDR"
    # Outbound: packets from the private host leave with its public address
    /sbin/iptables -t nat -A POSTROUTING -s "$INADDR" -o eth0 -j SNAT --to "$OUTADDR" -v
}

# Start from an empty nat table
/sbin/iptables -F -t nat -v

new_nat 10.1.1.8 111.22.333.33
new_nat 10.1.1.13 111.22.333.34
new_nat 10.1.1.18 111.22.333.35
new_nat 10.1.1.254 111.22.333.36
new_nat 10.1.1.215 111.222.333.41
new_nat 10.1.1.218 111.222.333.42
new_nat 10.1.1.109 111.222.333.44
new_nat 192.168.1.2 111.222.333.40 # Scylla Outside interface

# Make all connections out bound appear as real addresses
/sbin/iptables -A FORWARD -i eth1 -j ACCEPT -v
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -v

# Create a default NAT Pool
# POOL_ADDR is a placeholder: the pool address was cut off in the posted
# script; set it to the public address the remaining hosts should share.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -j SNAT --to "$POOL_ADDR"
# end of script
Wm. Jason Pappas
----- Original Message -----
From: "Morgan, Gary" <gmorgan@WestportBenefits.net>
Sent: Tuesday, July 17, 2001 1:21 PM
Subject: (no subject)
> Can a one-to-one and a one-to-many NAT be done on a single subnet?
> Here's what I have:
> I have an internet connection with 5 usable IPs
> let's say 188.8.131.52 - 184.108.40.206
> Internal network containing several computers
> let's say 192.168.0.1/24
> I have two ethernet cards on Linux machine (eth0 inside, eth1 outside)
> And here's what I want:
> I want 3 of my machines to do a one-to-one NAT
> 192.168.0.1 = 220.127.116.11
> 192.168.0.2 = 18.104.22.168
> 192.168.0.3 = 22.214.171.124
> and the rest to share the remaining IPs via many-to-one NAT.
> 192.168.0.4-192.168.0.254 = 126.96.36.199-8
> Can this be done? And if so, how?
> I'm assuming I will have to assign all 5 outside IPs to my Linux eth1
> interface; is this correct?
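The quoted question asks for one-to-one mappings for three hosts plus a many-to-one pool for the rest, and the reply's script does exactly that with new_nat entries followed by a catch-all pool SNAT. The POSIX sh below is an added example, not Jason's script nor anything from Gary's message: it builds the same layout but validates the addresses before emitting any rule, and it runs as a dry run (printing the iptables commands) unless IPTABLES is pointed at the real binary. It assumes eth1 is the outside interface as in the question, uses --to-destination/--to-source (the long forms of the --to the posted script uses), and the 203.0.113.x addresses are constructed documentation-space stand-ins for the poster's public block.

```shell
#!/bin/sh
# Added example (not the original poster's script): the one-to-one plus
# many-to-one NAT layout asked about in the quoted message, with address
# validation the posted script lacks.  Dry run by default: set
# IPTABLES=/sbin/iptables to apply the rules for real.
IPTABLES="${IPTABLES:-echo /sbin/iptables}"
OUTIF="${OUTIF:-eth1}"     # outside interface, as in the quoted message

# Succeeds only for a dotted quad whose four octets are all 0-255.
# The body is a subshell so the IFS change cannot leak into the caller.
valid_ipv4() (
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# One-to-one mapping: <private address> <public address>.
# Inbound packets for the public address are DNATed to the host; the host's
# outbound packets are SNATed to the same public address.
one_to_one() {
    if ! valid_ipv4 "$1" || ! valid_ipv4 "$2"; then
        echo "one_to_one: bad address in '$1' -> '$2'" >&2
        return 1
    fi
    $IPTABLES -t nat -A PREROUTING  -i "$OUTIF" -d "$2" -j DNAT --to-destination "$1"
    $IPTABLES -t nat -A POSTROUTING -o "$OUTIF" -s "$1" -j SNAT --to-source "$2"
}

# Many-to-one mapping: <private network/prefix> <public pool address>.
# Appended after the one-to-one rules so POSTROUTING matches the per-host
# SNAT entries first and this catch-all only sees the remaining hosts.
many_to_one() {
    if ! valid_ipv4 "${1%/*}" || ! valid_ipv4 "$2"; then
        echo "many_to_one: bad address in '$1' -> '$2'" >&2
        return 1
    fi
    $IPTABLES -t nat -A POSTROUTING -o "$OUTIF" -s "$1" -j SNAT --to-source "$2"
}

# Constructed demo mirroring the quoted question; 203.0.113.0/24 is
# documentation address space standing in for the poster's public block.
one_to_one  192.168.0.1    203.0.113.1
one_to_one  192.168.0.2    203.0.113.2
one_to_one  192.168.0.3    203.0.113.3
many_to_one 192.168.0.0/24 203.0.113.4
```

Order matters in POSTROUTING: first match wins, so the per-host SNAT rules have to be appended before the /24 catch-all, which is also why the reply's script puts its pool rule last. The nat table only rewrites addresses; the FORWARD chain still has to permit the traffic, which the posted script handles with its two FORWARD rules.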