Silly problem with NAT
David Mansell
davidm@nsell.org
Wed, 26 Sep 2001 18:31:19 +0100
On Wed, Sep 26, 2001 at 01:10:19PM -0300, Sebastian Gonzalez wrote:
> Hello,
> I'm using netfilter with simple NAT on a Pentium I linux box routing as
> default gateway of other 3 linux machines, all of them with public IP
> addresses. My main router, connected to the internet, is seeing the
> queries from those 3 machines as if they all come from the Pentium I
> linux IP. The problem is that I need to distinguish the traffic that
> comes from each of the IPs of the linux boxes.
>
> Is there any kind of NAT that allows the packets coming from a certain
> host to maintain their original IP address when they arrive at the router,
> passing through the linux NAT / Firewall server?
I'm slightly confused by your question: are the three linux machines with
public IP addresses the only machines your Pentium box is routing for, or
are there other machines without public addresses which need to be NATted?
If you only have the three machines you don't need to do NAT at all.
However, if you have those three with public addresses plus a few more with
private addresses you can do something like:
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s <linux box 1> -j ACCEPT
iptables -t nat -A POSTROUTING -s <linux box 2> -j ACCEPT
iptables -t nat -A POSTROUTING -s <linux box 3> -j ACCEPT
iptables -t nat -A POSTROUTING -s <private network> -j SNAT --to-source <pentium IP>
This will cause it to masquerade traffic from the other machines whilst
routing traffic from the three machines with real IPs unmolested.
Hope this helps,
David
--
David Mansell http://ban.joh.cam.ac.uk/~davidm/ davidm@nsell.org
tel: +44 7968 029688
"A day for firm decisions!!!!! Or is it?"
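An added example, not part of the original thread, that models the POSTROUTING chain from the reply as a first-match rule list with constructed addresses (198.51.100.x for the public hosts and gateway, 192.168.1.0/24 for the private network), renders it back as the iptables commands, and shows which source address the upstream router would see for a given host, including the case where a catch-all SNAT sits in front of the ACCEPT rules:

```python
import ipaddress

# Constructed addresses for illustration only (not from the original thread).
PUBLIC_HOSTS = ["198.51.100.11", "198.51.100.12", "198.51.100.13"]
PRIVATE_NET = "192.168.1.0/24"
PENTIUM_IP = "198.51.100.1"


def build_postrouting(public_hosts, private_net, gateway_ip):
    """Model of the nat POSTROUTING chain the reply describes: a list of
    (source match, target). Order matters: netfilter stops at the first match,
    so the ACCEPT rules must come before the SNAT rule."""
    rules = [(ipaddress.ip_network(h), "ACCEPT") for h in public_hosts]
    rules.append((ipaddress.ip_network(private_net), ("SNAT", gateway_ip)))
    return rules


def to_iptables(rules):
    """Render the modelled chain as the iptables commands from the reply."""
    lines = ["iptables -t nat -F POSTROUTING"]
    for net, target in rules:
        src = str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)
        if target == "ACCEPT":
            lines.append(f"iptables -t nat -A POSTROUTING -s {src} -j ACCEPT")
        else:
            lines.append(f"iptables -t nat -A POSTROUTING -s {src} -j SNAT --to-source {target[1]}")
    return lines


def source_seen_upstream(src_ip, rules):
    """Source address the upstream router sees for a packet from src_ip under
    first-match semantics. Traffic matching no rule leaves unchanged (the nat
    POSTROUTING chain's default policy is ACCEPT)."""
    ip = ipaddress.ip_address(src_ip)
    for net, target in rules:
        if ip in net:
            return src_ip if target == "ACCEPT" else target[1]
    return src_ip


def misordered(public_hosts, private_net, gateway_ip):
    """A catch-all SNAT placed first: the public hosts are rewritten too, which
    matches the symptom the original poster reported."""
    catch_all = (ipaddress.ip_network("0.0.0.0/0"), ("SNAT", gateway_ip))
    return [catch_all] + build_postrouting(public_hosts, private_net, gateway_ip)


if __name__ == "__main__":
    chain = build_postrouting(PUBLIC_HOSTS, PRIVATE_NET, PENTIUM_IP)
    print("\n".join(to_iptables(chain)))
    for host in ["198.51.100.11", "192.168.1.20"]:
        print(host, "->", source_seen_upstream(host, chain))
```

On a real box the equivalent check is to list the chain with `iptables -t nat -L POSTROUTING -v -n` and confirm the ACCEPT rules appear above the SNAT rule.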