Hello, I will briefly draw the situation:

Router with one interface eth0, to local network 10.123.0.0/16

on a local network ADSL modem with IP 10.123.10.11

I want to use 10.123.10.11 as a connection to internet.

Because of that I have created default route "ip route add default via 10.123.10.11 dev eth0"

I do not want my ADSL modem to do NATing, since it shows to be slow.
I have configured static route on ADSL modem "10.123.0.0/16 via 10.123.10.11" which ensures traffic coming from internet will get to my router.

Now I want to configure NATTING. My concern is, how to create iptables rule which will match only the traffic going via 10.123.10.11 and only for this will make SNAT.
If I will do iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 213.194.242.198 this will not work. I need to add there a magic words that only traffic going via 10.123.10.11 should be SNATted.

Please help,

Thank you in advance.

David

*** Sorry for mistake

> I have configured static route on ADSL modem "10.123.0.0/16 via
> 10.123.10.1" which ensures traffic coming from internet will get to
> my router

10.123.10.1 is address of eth0 on my router.

On Sun, Jan 10, 2010 at 3:33 PM, David Hl??ik <david at hlacik.eu> wrote:
> Hello, I will briefly draw the situation:
>
> Router with one interface eth0, to local network 10.123.0.0/16
>
> on a local network ADSL modem with IP 10.123.10.11
>
> I want to use 10.123.10.11 as a connection to internet.
>
> Because of that I have created default route "ip route add default via
> 10.123.10.11 dev eth0"
>
> I do not want my ADSL modem to do NATing, since it shows to be slow.
> I have configured static route on ADSL modem "10.123.0.0/16 via
> 10.123.10.11" which ensures traffic coming from internet will get to
> my router.
>
> Now I want to configure NATTING. My concern is, how to create iptables
> rule which will match only the traffic going via 10.123.10.11 and only
> for this will make SNAT.
> If I will do iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
> 213.194.242.198 this will not work. I need to add there a magic words
> that only traffic going via 10.123.10.11 should be SNATted.
>
> Please help,
>
> Thank you in advance.
>
> David

On 10.01.2010 15:33, David Hl??ik wrote:
> Hello I will briefly draw the situation

[ ... ]

> Please help,
>
> Thank you in advance.
>
> David

The router runs CentOS or Fedora? Because you are sending your mails to both mailing lists.

Alexander

Hello,

CentOS 5.4, but I believe there will be no difference.

Best,
David

On Sun, Jan 10, 2010 at 4:07 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote:
> On 10.01.2010 15:33, David Hl??ik wrote:
>
>> Hello I will briefly draw the situation
>
> [ ... ]
>
>> Please help,
>>
>> Thank you in advance.
>>
>> David
>
> The router runs CentOS or Fedora? Because you are sending your mails to
> both mailing lists.
>
> Alexander
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

On Sun, Jan 10, 2010 at 6:33 AM, David Hl??ik <david at hlacik.eu> wrote:
> Hello, I will briefly draw the situation:
>
> Router with one interface eth0, to local network 10.123.0.0/16
>
> on a local network ADSL modem with IP 10.123.10.11
>
> I want to use 10.123.10.11 as a connection to internet.
>
> Because of that I have created default route "ip route add default via
> 10.123.10.11 dev eth0"
>
> I do not want my ADSL modem to do NATing, since it shows to be slow.
> I have configured static route on ADSL modem "10.123.0.0/16 via
> 10.123.10.11" which ensures traffic coming from internet will get to
> my router.
>
> Now I want to configure NATTING. My concern is, how to create iptables
> rule which will match only the traffic going via 10.123.10.11 and only
> for this will make SNAT.
> If I will do iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
> 213.194.242.198 this will not work. I need to add there a magic words
> that only traffic going via 10.123.10.11 should be SNATted.

Unless the machine running iptables has a NIC with an IP address of 213.194.242.198 I don't believe it's possible with ipchains. The MODEM is the interface between 213.x and 10.y networks.

If you created a DMZ by moving your LAN to say the 192.z network (or a different 10.y network) then you should be able to get it to work with 2 NICs in the ipchain machine. In this case, you would route between the 10 network and the 192 network with 2 NICs and SNAT the 10 network. The WAN would be the 213.x network, the DMZ would be 10.y, and the LAN would be the 192.z network.

--
Enjoy global warming while it lasts.