I am using a Strongswan VPN server on a Debian Squeeze machine. The incoming VPN clients get an IP of the 192.168.99.0/24 subnet.
As I am using this VPN mainly to have encryption when using non-encrypted WLANs I am doing a source NAT into the internet using iptables.
There are lots of questions on here about iptables DNAT/SNAT setups but I haven't found one that solves my current problem.
I have services bound to the IP address of eth0 (e.g. 192.168.0.20) and I also have an IP address on eth0:0 (192.168.0.40) which is shared with another server. Only one server is active, so this alias interface comes and goes depending on which server is active.
I have a basic setup that requires the following
Client -> iptables DNAT -> Server using udp messaging:
The configuration I have on my client is: (my server is 172.33.1.30)
ifconfig eth0:1 172.32.1.10 netmask 255.255.0.0
ifconfig eth1 172.33.1.10 netmask 255.255.0.0
iptables -t nat -A PREROUTING -p udp -i eth0 -d 172.32.1.10 --dport 1001 -j DNAT --to 172.33.1.30
iptables -A FORWARD -p udp -i et
I have OpenVPN and PPTP installed on a VPS. I'm having a few questions that I can't seem to get a firm answer on.
I want to install OpenVPN on 1.1.1.1 (eth0, public IP address) and PPTP on 1.1.1.2 (eth0:1, public IP address). I was able to achieve this with SNAT.
I am trying to translate outgoing UDP packets with a source port of X to a source port of Y.
I have done this using the following iptables rule:
iptables -t nat -A POSTROUTING -s 10.0.0.1 -p udp --sport X -j SNAT --to-source 10.0.0.1:Y
The counters for this rule increase when packets with a source port of X are generated, but completely vanish after that.
I used command
iptables -t nat -I POSTROUTING -o $INTERFACE -p tcp -j SNAT --to-source $IP
to make my server packets visible as $IP.
But the problem is that it didn't work inside the local area, so when I'm sending something to address 10.X.X.X, I'm not visible as $IP, but as the older IP.
EDIT:
There are 3 interfaces:
auto eth0
iface eth0 inet static
address 46.X.X.152
netmask 255.255
I'm having problems setting up port forwarding for PPTP on a Linux machine to a W2003 VP-server.
On the Linux machine I have eth0 with a static IP and internet access, and eth1 for LAN 10.8.1.1/24
I'm running Ubuntu 10.4 with a 2.6.32 Kernel with this nat setting:
-A POSTROUTING -s 10.8.1.1/24 -j SNAT --to-source $StaticIP
My setup for forwarding traffic for port 1723 to the desired IP is:
-A PREROUTING -i e
I am trying to configure NAT for my VPN connection. I have one NIC with 5 configured public IP addresses and I want to use one specific IP address for this NAT config.
I have enabled the ipv4 forwarding and successfully configured SNAT, but the internet connection still doesn't work.
I want to set up a VPN server for personal use, so I followed the blog article [1], and it works like a charm.
The only thing I am wondering is whether the iptables rule is secure, e.g.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
And I have only one public interface, eth0; is there any risk in using the rule above?
From other places, I have seen other alternatives for the iptables rules, e.g.
1.
sudo ipta