(no subject)
Aleksandar Milivojevic
amilivojevic at pbl.ca
Tue Sep 21 16:38:52 CEST 2004
Michael Barry wrote:
> I have a bunch of public IP addresses, for example, in the range
> 192.168.1.100-192.168.1.104.
>
> I have 5 computers on my internal network statically defined from
> 192.168.0.100-192.168.0.104.
>
> I am trying to create a rule where each computer will always map to the
> same public ip address. For example I did: iptables -t nat -s
> 192.168.0.100 -j SNAT --to-source 192.168.1.100.
I'd guess there was also "-A POSTROUTING" in the above command?
> The problem is if I try to do a ping from 192.168.0.100 it correctly
> gets translated to 192.168.1.100 and the ping goes out, but when the
> reply comes back there is an ARP request for WHO-HAS 192.168.1.100, and
> since no-one technically holds this address no reply is ever sent, and
> the ping reply gets dropped. Does anyone know a solution to this
> problem?
This part is strange. The reply should have been translated
automatically back to your private range. I'm not sure if the connection
tracking module is required for SNAT. It might be. Try doing "lsmod |
grep ip" and see if it shows up (you might also send the output to the
mailing list; it might help somebody to help you). It is usually
automatically loaded (even when you don't expect it), but if it isn't,
try loading it with "modprobe ip_conntrack".
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
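
As an added example (not part of the original message and not netfilter project code): a shell script that prints the complete one-to-one SNAT rules for the address ranges in the post, with the "-A POSTROUTING" the reply asks about, and checks `lsmod` output for the `ip_conntrack` module. The function names and the sample `lsmod` text are constructed for illustration.

```shell
#!/bin/sh
# snat_rules INT_PREFIX EXT_PREFIX FIRST LAST   (hypothetical helper)
# Prints one SNAT rule per host so that INT_PREFIX.N always maps to
# EXT_PREFIX.N. Nothing is executed; review the output before applying it.
snat_rules() {
    int_prefix=$1 ext_prefix=$2 first=$3 last=$4
    # Accept only plain decimal host numbers.
    for n in "$first" "$last"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
    done
    # Host part must be 1..254 and the range must run lowest first.
    [ "$first" -ge 1 ] && [ "$last" -le 254 ] && [ "$first" -le "$last" ] || return 1
    host=$first
    while [ "$host" -le "$last" ]; do
        # -A POSTROUTING is the chain the reply assumes was in the command.
        echo "iptables -t nat -A POSTROUTING -s $int_prefix.$host -j SNAT --to-source $ext_prefix.$host"
        host=$((host + 1))
    done
}

# conntrack_loaded   (hypothetical helper)
# Reads `lsmod` output on stdin; succeeds only if ip_conntrack appears as a
# module name in column 1, not merely as a dependency or a name prefix.
conntrack_loaded() {
    awk '$1 == "ip_conntrack" { found = 1 } END { exit !found }'
}

# Constructed sample of `lsmod` output (not taken from the post).
SAMPLE_LSMOD='Module                  Size  Used by
iptable_nat            23980  1
ip_conntrack           29744  1 iptable_nat
ip_tables              16768  1 iptable_nat'

# Ranges from the post: 192.168.0.100-104 -> 192.168.1.100-104.
snat_rules 192.168.0 192.168.1 100 104

if printf '%s\n' "$SAMPLE_LSMOD" | conntrack_loaded; then
    echo "ip_conntrack is loaded"
else
    echo "ip_conntrack not listed; try: modprobe ip_conntrack"
fi
```

On a live system, replace the sample text with `lsmod | conntrack_loaded`.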