NAT ONE-TO-ONE or FULL NAT
/dev/rob0
rob0 at gmx.co.uk
Wed Jun 15 18:27:29 CEST 2005
On Wednesday 15 June 2005 10:35, González Sandoval Luis Rolando wrote:
> I'm looking for information about one-to-one NAT and its configuration
> with IPTABLES v1.2.7a.
>
> My requirements are:
> 1. Map IP address for the segment 10.129.41.0/24 for an IP address of
> 192.168.20.0/24
>
> #NAT 1:1
> $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.20.183/32 \
> -j SNAT --to 10.129.41.242
> $IPTABLES -t nat -A PREROUTING -i eth1 -d 10.129.41.242/32 \
> -j DNAT --to 192.168.20.183
>
> # Allow forwarding to each of the servers configured for 1:1 NAT
> # (For connections originating from the Internet. Notice how you
> # use the real IP addresses here)
>
> $IPTABLES -A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.20.183 \
> -m state --state NEW -j ACCEPT

I think you need rules like these for each host you wish to NAT. You
might be able to combine your FORWARD (filter table) rules into one
rule.

If you're doing this by means of a shell script you could use a "for"
loop, easier if you were mapping 10.129.41.x to 192.168.20.x.

Why not just directly assign your Internet IPs to the hosts in your
eth1 segment? You can route to them and control access by means of
FORWARD rules. All this NAT seems harder to maintain.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
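
The scripted loop and the single combined FORWARD rule suggested in the reply above, as an added example that is not part of the original message or written by either poster. It assumes the mapping keeps the same last octet on both sides, that eth0 is the outside interface and eth1 the inside one as in the quoted FORWARD rule, and that gen_nat_rules is a hypothetical helper name; the rules are printed for review, not executed.

```shell
#!/bin/sh
# Added example: print 1:1 NAT rules for a range of hosts, 10.129.41.x <-> 192.168.20.x.
# Nothing is applied here; review the output, then pipe it to sh as root.

IPTABLES=${IPTABLES:-iptables}
EXT_IF=${EXT_IF:-eth0}          # assumption: outside interface (per the quoted FORWARD rule)
INT_IF=${INT_IF:-eth1}          # assumption: inside interface
EXT_NET=${EXT_NET:-10.129.41}   # mapped prefix, from the post
INT_NET=${INT_NET:-192.168.20}  # real prefix, from the post

# gen_nat_rules FIRST LAST
# Prints one SNAT/DNAT pair per host octet FIRST..LAST, then one FORWARD rule
# covering the whole inside /24 instead of one FORWARD rule per host.
gen_nat_rules() {
    first=$1
    last=$2
    # The octets end up inside commands run as root: accept plain decimal
    # host numbers only (no empty value, no leading zero, no other characters).
    for o in "$first" "$last"; do
        case "$o" in
            ''|0*|*[!0-9]*) echo "invalid octet: $o" >&2; return 1 ;;
        esac
    done
    if [ "$last" -gt 254 ] || [ "$first" -gt "$last" ]; then
        echo "range must satisfy 1 <= FIRST <= LAST <= 254" >&2
        return 1
    fi

    i=$first
    while [ "$i" -le "$last" ]; do
        # Outbound: rewrite the real source address to its mapped address.
        echo "$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -s $INT_NET.$i/32 -j SNAT --to $EXT_NET.$i"
        # Inbound: rewrite the mapped destination back to the real address.
        echo "$IPTABLES -t nat -A PREROUTING -i $EXT_IF -d $EXT_NET.$i/32 -j DNAT --to $INT_NET.$i"
        i=$((i + 1))
    done

    # Filter table sees the real (post-DNAT) destination, so one rule on the
    # inside network replaces the per-host FORWARD rules.
    echo "$IPTABLES -A FORWARD -p tcp -i $EXT_IF -o $INT_IF -d $INT_NET.0/24 -m state --state NEW -j ACCEPT"
}

# Constructed sample range; pass FIRST and LAST as arguments to override.
gen_nat_rules "${1:-183}" "${2:-185}"
```

The combined FORWARD rule admits new TCP connections to every address in 192.168.20.0/24, not only the NATed hosts, so narrow it if some hosts on that segment should stay unreachable.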