nat private networks to your external public ip??

Hi Jeremy..

If you have your external interface on a public network and all your other subnets are internal/private networks a NAT rule might help you...

Add 1 such rule per subnet.

    iptables -t nat -I POSTROUTING -s <subnet-ip-range-internal> -o <external-interface> -j SNAT --to-source <external-interface-ip>

eg.

    iptables -t nat -I POSTROUTING -s 192.168.3.0/24 -o eth1 -j SNAT --to-source 64.1.2.3

To view your nat rules:

    iptables -t nat -L -v

Hope this works for you... Let me know if it does..
good luck...
-Yogini

"Opportunities are usually disguised as hard work, so most people don't recognize them." -Ann Landers

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeremy Evans
Sent: Thursday, April 11, 2002 10:57 AM
To: 'Tom Eastep'; [EMAIL PROTECTED]
Subject: RE: iptables and RH 7.2

Yes I did. It will route between the different subnets with the clients' gateway as the IP of eth1 but will not see out onto the net.

-Jeremy

-----Original Message-----
From: Tom Eastep [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 11, 2002 11:36 AM
To: Jeremy Evans
Cc: [EMAIL PROTECTED]
Subject: Re: iptables and RH 7.2

On Thu, 11 Apr 2002, Jeremy Evans wrote:

> I have RH 7.2 running with iptables 1.2.4-2. The box has 4
> NICs, 1 external 3 subnetted internal. The subnets can all see each
> other but cannot see outside the external IP. I went through the ipmasq
> howto and am currently running the first simple script but even this
> won't allow the subnets to see out. The machine can see out onto the net
> just fine itself. ip_forward is set to 1. I'm baffled. The script I'm
> running is below.
>
> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> iptables -A FORWARD -j LOG
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>

Have you configured the default gateway on the internal systems to the IP address of the firewall's eth1?

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]
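
The thread's advice is one SNAT rule per internal subnet, each naming the external interface. The script below is an added example, not code from any poster in the thread: it reads `iptables-save` text and reports which subnets have no SNAT or MASQUERADE rule on that interface. The function names, the eth2 interface and the 192.168.4.0/24 and 192.168.5.0/24 subnets are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and the 192.168.4.0/24
# and 192.168.5.0/24 subnets are constructed sample values.

# sample_rules: constructed `iptables-save -t nat` output for the demo.
sample_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.3.0/24 -o eth1 -j SNAT --to-source 64.1.2.3
-A POSTROUTING -s 192.168.4.0/24 -o eth2 -j SNAT --to-source 64.1.2.3
COMMIT
EOF
}

# check_snat EXT_IF SUBNET...  (iptables-save text on stdin)
# Prints "covered <subnet>" or "missing <subnet>"; returns 1 if any is missing.
# Subnets are compared as exact strings; wider prefixes and negated (!)
# matches are not evaluated.
check_snat() {
    ext_if=$1; shift
    rules=$(cat)
    missing=0
    for net in "$@"; do
        if printf '%s\n' "$rules" | awk -v ifc="$ext_if" -v net="$net" '
            $1 == "-A" && $2 == "POSTROUTING" {
                src = ""; out = ""; tgt = ""
                for (i = 3; i < NF; i++) {
                    if ($i == "-s") src = $(i + 1)
                    if ($i == "-o") out = $(i + 1)
                    if ($i == "-j") tgt = $(i + 1)
                }
                if (tgt != "SNAT" && tgt != "MASQUERADE") next
                # No -o means any interface; no -s means any source address.
                if ((out == "" || out == ifc) && (src == "" || src == net)) found = 1
            }
            END { exit !found }'
        then
            echo "covered $net"
        else
            echo "missing $net"; missing=1
        fi
    done
    return $missing
}

# Demo on the constructed rules: the second rule names the wrong interface.
sample_rules | check_snat eth1 192.168.3.0/24 192.168.4.0/24 192.168.5.0/24 ||
    echo "at least one subnet has no source NAT on eth1"
```

On a live firewall the input would come from `iptables-save -t nat` run as root, piped into `check_snat` in place of `sample_rules`.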
