On Mon, Nov 23, 2009 at 4:31 PM, Peter Peltonen
<peter.pelto...@gmail.com> wrote:
> Hi,
> On Mon, Nov 23, 2009 at 4:15 PM, Giovanni Tirloni <tirl...@gmail.com> wrote:
>> On Mon, Nov 23, 2009 at 12:10 PM, Peter Peltonen
>> <peter.pelto...@gmail.com> wrote:
>>> Hi,
>>> I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and 
>>> iptables.
>>> I have the following setup:
>>> eth0: connects to internet with static public IP (obscured
>>> here for privacy)
>>> eth1: connects to DMZ with static public IP (obscured here for 
>>> privacy)
>>> eth2: connects to LAN with static private IP
>>> Traffic to hosts in the DMZ/Internet through eth0/1 works fine.
>>> I tried masquerading the LAN with the following:
>>> iptables -A FORWARD -i eth2 -j ACCEPT
>>> iptables -A FORWARD -o eth2 -j ACCEPT
>>> iptables -A POSTROUTING -t nat -s -o eth0 -j SNAT
>>> --to-source
>>> After this I can ssh to a server in the Internet from the LAN using
>>> the server's IP address but not its name. The w command on the server
>>> tells me that my address has not been masqueraded (its,
>>> the LAN client's private IP).
>> If you can ssh to a server on the Internet then your connectivity is
>> working.  You might want to check if DNS is allowed and working from
>> the LAN hosts to the Internet.
>> The fact that 'w' shows your internal IP address is because you're
>> connecting from the LAN to the gateway, which doesn't trigger the SNAT
>> because it's not forwarding any packets... only accepting your
>> connection.
> Hmm, I am SSHing not to the gateway but to a server in the Internet, so
> shouldn't it masquerade the address and w show the gateway's IP and
> not the client's -- isn't this the whole point of the SNAT?
> No other service than SSH seems to work. If I do "telnet mydnsip 53"
> there is no response, it just hangs. I also have correct DNS in
> /etc/resolv.conf.

Nobody has any other ideas what I might be doing wrong here?

CentOS mailing list
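
An added example, not part of the thread and not a diagnosis of the poster's setup: a shell check that reads `iptables-save` output and reports which of the pieces that SNAT for a LAN depends on (IP forwarding, a complete SNAT rule, FORWARD accepts that are actually reachable) are missing. Interface names follow the thread; the sample dump, its addresses and the `BASELINE` chain are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. Interface names follow the thread
# (eth0 = Internet, eth2 = LAN). The dump, the addresses and the BASELINE
# chain are constructed placeholders, not the poster's configuration.
SAMPLE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:BASELINE - [0:0]
-A FORWARD -j BASELINE
-A FORWARD -i eth2 -j ACCEPT
-A FORWARD -o eth2 -j ACCEPT
-A BASELINE -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# section DUMP TABLE: print the lines of one table from iptables-save output.
section() {
    printf '%s\n' "$1" | awk -v t="*$2" '$0 == t {f=1; next} $0 == "COMMIT" {f=0} f'
}

# check_snat DUMP LAN_IF WAN_IF IP_FORWARD: print findings, return 1 if any.
check_snat() {
    nat=$(section "$1" nat)
    fwd=$(section "$1" filter | awk '/^-A FORWARD /')
    rc=0
    # The kernel routes between interfaces only when ip_forward is 1.
    [ "$4" = 1 ] || { echo "ip_forward is off"; rc=1; }
    # SNAT needs the outgoing interface and a --to-source address.
    printf '%s\n' "$nat" | grep -Eq -- "^-A POSTROUTING .*-o $3 .*-j SNAT --to-source [0-9]" ||
        { echo "no complete SNAT rule on $3"; rc=1; }
    for dir in -i -o; do
        # Traffic through the LAN interface must be accepted in both directions.
        n=$(printf '%s\n' "$fwd" | grep -n -- "$dir $2 .*-j ACCEPT" | head -n 1 | cut -d: -f1)
        if [ -z "$n" ]; then
            echo "no FORWARD ACCEPT for $dir $2"; rc=1; continue
        fi
        # Rules match top-down and -A appends, so an earlier rule with no
        # match options (a catch-all) can decide the packet first.
        if printf '%s\n' "$fwd" | awk -v n="$n" \
            'NR < n && /^-A FORWARD -j [A-Za-z]/ {hit=1} END {exit !hit}'; then
            echo "FORWARD ACCEPT for $dir $2 sits after a catch-all rule"; rc=1
        fi
    done
    return $rc
}

# On a live gateway: check_snat "$(iptables-save)" eth2 eth0 "$(cat /proc/sys/net/ipv4/ip_forward)"
check_snat "$SAMPLE" eth2 eth0 1 || true
```

A catch-all that jumps to a non-terminating target such as LOG is also flagged, so treat that finding as a prompt to read the earlier rule rather than as proof of a block.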