NAT via IPTABLES
Michal Semler
semler.michal at globe.cz
Fri Aug 24 13:12:23 CEST 2001
Hello,
I need to get translation of the IP addresses of the whole internal network
onto the whole external network working.
Here:
http://netfilter.samba.org/unreliable-guides/NAT-HOWTO/NAT-HOWTO.linuxdoc-6.html
I found this:
Multiple Mappings, Overlap and Clashes
You can have NAT rules which map packets onto the same range; the NAT code is
clever enough to avoid clashes. Hence having two rules which map the source
address 192.168.1.1 and 192.168.1.2 respectively onto 1.2.3.4 is fine.
Furthermore, you can map over real, used IP addresses, as long as those
addresses pass through the mapping box as well. So if you have an assigned
network (1.2.3.0/24), but have one internal network using those addresses and
one using the Private Internet Addresses 192.168.1.0/24, you can simply NAT
the 192.168.1.0/24 source addresses onto the 1.2.3.0 network, without fear of
clashing:
# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 \
-j SNAT --to 1.2.3.0/24
The same logic applies to addresses used by the NAT box itself: this is how
masquerading works (by sharing the interface address between masqueraded
packets and `real' packets coming from the box itself).
and for my case:
$TABLES -t nat -A POSTROUTING -s $INET.0/24 -o eth1 \
-j SNAT --to $ENET.0/24
firewall:~# ./moje
iptables v1.2.2: Bad IP address `10.1.2.0/24'
where I have set:
INET=192.168.2
ENET=10.1.2
kernel 2.4.9
Thank you for any advice
--
Michal Semler
System administrator
contact:
Globe Internet s.r.o.; http://globe.cz
Location and phone:
http://mapa.globe.cz
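
An added example, not part of the original post or of the quoted HOWTO: the SNAT target's --to option is documented as ipaddr[-ipaddr], so this sketch assumes the "Bad IP address" error comes from the CIDR argument and rewrites the block as a first-last range. The function names are hypothetical, and the rule is printed rather than executed.

```shell
#!/bin/sh
# Added example: turn a CIDR block into the "first-last" form for SNAT --to.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> A.B.C.D
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_to_range NET/PREFIX -> "first-last" usable addresses of the block
cidr_to_range() {
    net=${1%/*}; prefix=${1#*/}
    # reject a missing or non-numeric prefix (e.g. a bare address)
    case $prefix in ''|*[!0-9]*) echo "bad prefix: $1" >&2; return 1;; esac
    if [ "$prefix" -lt 1 ] || [ "$prefix" -gt 32 ]; then
        echo "bad prefix: $1" >&2; return 1
    fi
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    base=$(( $(ip_to_int "$net") & mask ))
    last=$(( base | (~mask & 0xFFFFFFFF) ))
    # leave out the network and broadcast addresses when the block has them
    if [ "$prefix" -le 30 ]; then base=$((base + 1)); last=$((last - 1)); fi
    echo "$(int_to_ip "$base")-$(int_to_ip "$last")"
}

# snat_rule SRC_CIDR OUT_IF DST_CIDR -> prints the rule, does not run iptables
snat_rule() {
    range=$(cidr_to_range "$3") || return 1
    echo "iptables -t nat -A POSTROUTING -s $1 -o $2 -j SNAT --to $range"
}

# Values taken from the post: INET=192.168.2, ENET=10.1.2, interface eth1
snat_rule 192.168.2.0/24 eth1 10.1.2.0/24
```

SNAT over a range draws source addresses from the pool; it does not guarantee a fixed one-to-one mapping between internal and external hosts.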