[EMAIL PROTECTED] wrote on 07/09/2006 11:59:06 AM:

> Hi all,
> 
> At the moment I've got a bunch of windows desktops set up on a 10.0.9.0
> subnet. They all connect into a switch which is connected into a 
> linux router running iptables and ipmasq. 
> This router is then connected to another switch on the 10.0.1.0 subnet.
> There is another router on this subnet which is only accepting 
> connections from machines on its own subnet. 
> 
> I need machines on the .9 subnet to be able to talk to this router 
> as if they were on the .1 subnet.
> 
> Am I right in thinking that this is what IPMASQ is for? It will 
> masquerade the IPs on the .9 subnet and make it look like they are 
> all coming from a single IP on the .1 subnet? 
> 
> I'm not all that familiar with ipmasq, so I'm not sure what the 
> commands to achieve the above would be. 
> 
> I've tried: 
> iptables -I FORWARD -p tcp -s 10.0.9.0/24 -d 10.0.1.7 --dport 80 -j MASQUERADE
> 
Try:
iptables -I FORWARD -s 10.0.9.0/24 -o $ETH1 -j ACCEPT
iptables -I POSTROUTING -s 10.0.9.0/24 -o $ETH1 -t nat -j MASQUERADE

Note that $ETH1 is the interface that is on subnet 10.0.1.0.
Also, I have excluded your tcp protocol and port, but you can add them if 
you want. You need to make sure you also masquerade dns requests if you do 
not have an internal dns server.

Cheers,

Scott
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
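
The two rules from the reply as a complete rule set that can be reviewed before it is applied (an added example, not part of the original thread): it also enables forwarding, lets only reply traffic back toward 10.0.9.0/24, and can narrow the match to the 10.0.1.7 port 80 case from the question. The interface name eth1, the variable names and the dry-run function are assumptions; MASQUERADE goes in the nat table's POSTROUTING chain because that target is not valid in the filter FORWARD chain.

```sh
#!/bin/sh
# Added example: masquerade 10.0.9.0/24 behind the router's 10.0.1.0-side address.
# Assumed names: EXT_IF (eth1), masq_rules, apply_rules. Applying needs root.

LAN_NET="${LAN_NET:-10.0.9.0/24}"   # desktop subnet from the thread
EXT_IF="${EXT_IF:-eth1}"            # assumed interface on the 10.0.1.0 subnet
DEST="${DEST:-}"                    # optional destination, e.g. 10.0.1.7
DPORT="${DPORT:-}"                  # optional TCP port, e.g. 80

# Print the rule set, one command per line, without touching the system.
masq_rules() {
    match="-s $LAN_NET -o $EXT_IF"
    if [ -n "$DEST" ];  then match="$match -d $DEST"; fi
    if [ -n "$DPORT" ]; then match="$match -p tcp --dport $DPORT"; fi

    # The kernel must route between the two interfaces at all.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Let the desktops' packets leave through the 10.0.1.0 side.
    echo "iptables -A FORWARD $match -j ACCEPT"
    # Let replies back in, but no new connections toward the desktops.
    echo "iptables -A FORWARD -i $EXT_IF -d $LAN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Rewrite the source address to the router's own address on EXT_IF.
    echo "iptables -t nat -A POSTROUTING $match -j MASQUERADE"
}

# Run the printed commands, stopping at the first failure.
apply_rules() {
    masq_rules | sh -e
}

# Default is a dry run; pass "apply" as the first argument to install the rules.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    masq_rules
fi
```

After applying, `iptables -t nat -L POSTROUTING -n -v` shows whether the packet counter on the MASQUERADE rule increases when a desktop connects.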
