iptables + ebtables + snat question

Scott Phelps netfilter at decipher.com
Sat Aug 13 00:41:15 CEST 2005


I have the following setup:

           LAN
            |
            |
           if0       ________
DMZ---if1     if2---|ROUTER|---INTERNET
          \   /      --------
           br0




LAN_NET = 10.0.0.1
PUBLIC_NET = 77.25.33.0/28
(14 hosts - broadcast = .15)

I am doing transparent bridging between
if1 and if2.

My ROUTER ethernet iface has IP 77.25.33.1.

My DMZ hosts will have public IPs ranging
77.25.33.2-14.

My question is: can I masquerade (SNAT) my LAN
IPs and use the ROUTER ethernet IP
as a --to-source target?

Or do I have to assign an IP to my br0 interface?
I am in design mode, so I was trying to figure out
if this is possible.

The rule would look like this:
$IPTABLES -t nat -A POSTROUTING \
-o $BR0 -j SNAT --to-source $ROUTER_IP

Can this work?


