How to NAT and what is the different between NAT and Masquerade?
Fri, 20 Jul 2001 13:18:20 +0100
Content-Type: text/plain; charset=us-ascii
Thus spake linux_netfilter, on Fri, Jul 20, 2001 at 07:32:07PM +0800:
> I have some questions about NAT & Masquerade.
> 1:Are they same?
> 2:The envirment is such as below:
> /|pc2 |192.168.0.2
> eth0 +------+eth1 / +------+
> <=3D=3D=3D=3D=3D=3D=3D=3D=3D|PC1 |-------\
> 126.96.36.199| |192.168 \+------+
> +------+ .0.1 |pc3 |192.168.0.3
> There are linux OS in pc1 which have installed iptables.Now I=20
> want to make a NAT(Masquerade).There are the step(only I think):
> step1:configer the gateway of both pc2,pc point to 192.168.0.1;
> step2:iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 188.8.131.52
Yep basically, and don't forget the
echo "1" > /proc/sys/net/ipv4/ip_forward
or you packets won't be forwarded between interfaces and the Source Nat
> Here are some questions too.above rule is from nat-howto,but I=20
> suspect I can't really understand the howto perhaps.beacause the=20
> default gateway is eht1 but "-o eh0" there.
The -o specifies the interfaces from which the packets get out of when
then transverse the nat table, in the case eth0.
> Need I add a route on=20
> eth0 so that let etho point to eth1?
Nop, routing between interfaces on a dual homed machine should be
>But how eth0 know which packet
> need to nat?only according the diffrence of IP address of the packets?
It is not eth0 who does the nat, eth0 is only a network interface. The
nat is done by the kernel and he knows what to nat because you told him,
"iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 184.108.40.206", nat
everything that passes POSTROUTING. As all packets going out are SNATed
(because you haven't specified any -s, -d, etc).
> step3:add routes so that eh0--->eth1(for internal ip) eth1-->eth0(for=20
> external ip).
There's no need to do this.
> Any answer is appreciated.Or please give me a set rules about the
> envirment above and let me thinking by myself.
Jose Celestino <firstname.lastname@example.org>
Systems Administration - PT Multimedia - SAPO
Repeated reboots of the system failed to solve problem.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----