Outgoing NAT problem.
rob0 at gmx.co.uk
Tue Jul 5 17:00:47 CEST 2005
On Tuesday 05 July 2005 09:50, Carlos Cruells wrote:
> iptables -t nat -A POSTROUTING -s 10.10.12.30 -o eth1 -j SNAT --to
If a packet has a source IP of 10.10.12.30 and is routed out the eth1
interface, rewrite the source IP to 220.127.116.11.
> When i do a simple ping test from LAN --> Internet, it fails, but if
Don't do it from anywhere on the LAN. Only do it from 10.10.12.30. It
won't work from any other IP. Perhaps you wanted to use a different
source specification, like "-s 10.10.12.0/24" or "-s 10.0.0.0/8"?
> i repeat the same test from firewall, it does ok.
> IP_LAN -------(ping)--------> IP www.cisco.com = Not OK
> Firewall -------(ping)--------> IP www.cisco.com = OK
DNS might also be a factor. Only the firewall machine and 10.10.12.30
would be able to get out to any external resolvers with that rule.
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
More information about the netfilter