NAT via IPTABLES

Michal Semler semler.michal at globe.cz
Fri Aug 24 13:12:23 CEST 2001


Hello,
I need to get translation of the IP addresses of the whole internal network
onto the whole external network working.
Here:
http://netfilter.samba.org/unreliable-guides/NAT-HOWTO/NAT-HOWTO.linuxdoc-6.html
I found this:

Multiple Mappings, Overlap and Clashes

You can have NAT rules which map packets onto the same range; the NAT code is 
clever enough to avoid clashes. Hence having two rules which map the source 
address 192.168.1.1 and 192.168.1.2 respectively onto 1.2.3.4 is fine.

Furthermore, you can map over real, used IP addresses, as long as those 
addresses pass through the mapping box as well. So if you have an assigned 
network (1.2.3.0/24), but have one internal network using those addresses and 
one using the Private Internet Addresses 192.168.1.0/24, you can simply NAT 
the 192.168.1.0/24 source addresses onto the 1.2.3.0 network, without fear of 
clashing:

# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 \
        -j SNAT --to 1.2.3.0/24

The same logic applies to addresses used by the NAT box itself: this is how 
masquerading works (by sharing the interface address between masqueraded 
packets and `real' packets coming from the box itself).

and for my case:

$TABLES -t nat -A POSTROUTING -s $INET.0/24 -o eth1 \
        -j SNAT --to $ENET.0/24

firewall:~# ./moje
iptables v1.2.2: Bad IP address `10.1.2.0/24'

where I have set:

INET=192.168.2
ENET=10.1.2

kernel 2.4.9

Thanks for any advice

-- 
Michal Semler
System administrator

contact:

Globe Internet s.r.o.; http://globe.cz
Location and phone:
http://mapa.globe.cz
http://mapa.globe.cz
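
Added example, not part of the original post or of the HOWTO: the iptables man page documents the SNAT option as --to-source ipaddr[-ipaddr], a single address or a first-last range, so this sketch assumes the CIDR argument is what produced the "Bad IP address" error and rewrites it as a range. The helper names cidr_to_range and snat_rule are hypothetical; the rule is only printed, not installed.

```shell
#!/bin/sh
# Turn a.b.c.d/len into "first-last", the range form accepted by SNAT --to-source.
# Runs in a subshell body so its variables stay local under plain POSIX sh.
cidr_to_range() (
    cidr=$1
    case $cidr in */*) ;; *) return 1 ;; esac          # prefix length is required
    addr=${cidr%/*}
    len=${cidr#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    IFS=. read -r a b c d <<EOF
$addr
EOF
    for o in "$a" "$b" "$c" "$d"; do
        # digits only, no leading zero (would be read as octal), at most 255
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( ($a << 24) | ($b << 16) | ($c << 8) | $d ))
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    first=$(( $ip & $mask ))                            # host bits cleared
    last=$(( $first | (~$mask & 0xFFFFFFFF) ))          # host bits set
    # The range covers the same addresses the CIDR block names, .0 and .255 included.
    printf '%d.%d.%d.%d-%d.%d.%d.%d\n' \
        $(( ($first >> 24) & 255 )) $(( ($first >> 16) & 255 )) \
        $(( ($first >> 8) & 255 ))  $(( $first & 255 )) \
        $(( ($last >> 24) & 255 ))  $(( ($last >> 16) & 255 )) \
        $(( ($last >> 8) & 255 ))   $(( $last & 255 ))
)

# Print (do not run) the POSTROUTING rule: source net, outgoing interface, target net.
snat_rule() {
    range=$(cidr_to_range "$3") || return 1
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$1" "$2" "$range"
}

# Values from the post: INET=192.168.2, ENET=10.1.2, outgoing interface eth1.
INET=192.168.2
ENET=10.1.2
snat_rule "$INET.0/24" eth1 "$ENET.0/24"
```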

