- Subject: Re: SNAT/MASQ on a single subnet
- From: Alan Jenkins <alan.christopher.jenkins@xxxxxxxxx>
- Date: Sat, 23 Jun 2012 13:07:59 +0000 (UTC)
- User-agent: Loom/3.14 (http://gmane.org/)
Andrew <nfml7 <at> k1k2.com> writes:
>
> Hi I'm trying to work out what I guess might not be possible
> with iptables or is simple and I'm just missing something
>
> I have 3 devices on the same subnet
>
> 192.168.0.1 ADSL Router
> 192.168.0.240 Linux Server
> 192.168.0.100 Windows PC
>
> The Linux server has no rules and ACCEPT on all
>
> What would the minimum necessary rule(s) to get the Linux Server
> to forward (with SNAT or MASQUERADE) packets through the Router
> from 192.168.0.100 and also send the replies back?
>
> The Linux Server has 192.168.0.1 as its gateway and also
> has ip forwarding enabled
>
> I set the gateway on the windows PC to 192.168.0.240
>
> I tried a few simple single rules and failed.
> (Just the single rule and deleted it after)
> 2 examples were:
>
> iptables -t nat -A POSTROUTING -o br0 -s 192.168.0.0/24 ! -d
> 192.168.0.0/24 -j SNAT --to 192.168.0.240
>
> iptables -t nat -A POSTROUTING -o br0 -s 192.168.0.0/24 -j SNAT --to
> 192.168.0.240
>
> Single ping shows:
> 192.168.0.100 -> 74.125.237.113
> 192.168.0.240 -> 74.125.237.113
> 74.125.237.113 -> 192.168.0.240
>
> but no "74.125.237.113 -> 192.168.0.100"
[snip tcpdump]
Right, looks like you have a rule working for one way, but not the other... But
you don't want to just Translate the Network Address (NAT). Because you're
trying to share one IP address between two machines. You also need to translate
the Port as well (NAPT), so that you share your tcp/udp port space between the
Linux server and the Windows machine...
> Anyone know what it should really be (or if it isn't possible why?)
>
> Thanks for your help.
I think you want
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
(grabbed from http://tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html).
Regards
Alan
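To make the NAT-versus-NAPT distinction in the reply concrete, here is an added illustration (not code from the thread or from netfilter): a toy translation table in Python, using the thread's addresses as constructed sample values. It shows that rewriting only the source address leaves two inside hosts that chose the same source port indistinguishable, while the masquerade-style mapping allocates a fresh port and can route the reply back to 192.168.0.100.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

SHARED_IP = "192.168.0.240"   # the Linux server's address, as in the thread

@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def address_only_snat(f: Flow) -> Flow:
    """Plain NAT: rewrite the source address only. Two inside hosts that picked the
    same source port collapse into the same flow, so replies cannot be told apart."""
    return Flow(SHARED_IP, f.src_port, f.dst_ip, f.dst_port)

@dataclass
class Napt:
    """NAPT/masquerade: rewrite the source address *and* allocate a unique source
    port, remembering the mapping so the reply can be rewritten back to the host."""
    next_port: int = 40000   # constructed starting point for the shared port space
    out_map: Dict[Tuple[str, int, str, int], int] = field(default_factory=dict)
    in_map: Dict[Tuple[int, str, int], Tuple[str, int]] = field(default_factory=dict)

    def translate_out(self, f: Flow) -> Flow:
        key = (f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        if key not in self.out_map:
            port = self.next_port            # fresh port from the shared port space
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, f.dst_ip, f.dst_port)] = (f.src_ip, f.src_port)
        return Flow(SHARED_IP, self.out_map[key], f.dst_ip, f.dst_port)

    def translate_in(self, reply: Flow) -> Optional[Flow]:
        """A reply arrives addressed to SHARED_IP:port; restore the inside host, or
        return None when no mapping exists (the packet is for the server itself)."""
        orig = self.in_map.get((reply.dst_port, reply.src_ip, reply.src_port))
        if orig is None:
            return None
        return Flow(reply.src_ip, reply.src_port, orig[0], orig[1])
```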