Hi, All,

So far, all the applications I have seen for iptables are focusing on connecting a WAN with one IP address to a LAN and using NAT. My question is: does iptables support multiple IP addresses on the WAN side? If so, how does it work (you only have one NIC on the WAN side)? Is static NAT (it might not be the right term; I mean a static and permanent connection between a WAN IP address and a LAN IP address) supported?

Thanks in advance,
James

On Thu, Sep 12, 2002 at 09:35:51AM -0400, James Ma said:
>
> So far, all the applications I have seen for Iptables are focusing on
> connecting a WAN with one IP address to a LAN and using NAT. My question is if
> the iptables support multiple IP address on WAN side? If so, how it works (you
> only have one NIC on WAN side)? Is static NAT (it might not be the right term,
> I mean a static and permanent connection between WAN IP address and LAN IP
> address) supported?
>

Yes, with iptables you can have more than one IP address for each physical interface, both in "local" and "external" places, then you have to add them as aliases with ip, and do some NAT to connect each side, if there are private IPs involved.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Thursday, 12 September 2002, at 16:54:03 +0200, Juan Antonio Morillas Cerezo wrote:
> Yes, with iptables you can have more than one IP
> address for each physical interface, both in "local" and
> "external" places, then you have to add them as aliases with
> ip, and do some NAT to connect each side, if there are private
> IPs involved.
>

I would add the following. If what the original poster wants is to somehow give a LAN with private IP addressing access to the Internet using not a single public IP address, but a pool of them, you easily can. Just create an iptables rule with a SNAT target like this:

    iptables -t nat -A POSTROUTING --out-interface $WAN_IF \
        --jump SNAT --to-source $START_PUB_IP-$END_PUB_IP

The only limitation I see with this approach is that IP addresses must be contiguous, but I think this is a typical scenario, because our ISPs tend to give addresses in blocks :)

Hope this helps.

--
Jose Luis Domingo Lopez
Linux Registered User #189436 Debian Linux Woody (Linux 2.4.19-pre6aa1)

On Thu 12/09/2002 at 21:49, Jose Luis Domingo Lopez wrote:
> iptables -t nat -A POSTROUTING --out-interface $WAN_IF \
> --jump SNAT --to-source $START_PUB_IP-$END_PUB_IP
>
> The only limitation I see with this approach is that IP addresses must
> be contiguous, but I think this is a typical scenario, because our ISP
> tend to give addresses in blocks :)

But you can put multiple --to-source so there's no limitation.

--
Eric Leblond
eric@regit.org
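
The static one-to-one mapping asked about in the first message, as an added example that is not part of the original thread: a dry-run generator that prints the `ip` alias and the DNAT/SNAT rule pair for each public/private address pair. The function names, the interface `eth0`, the `/32` alias prefix and the addresses are assumptions chosen for illustration; it also assumes IP forwarding is enabled and the filter table permits the forwarded traffic.

```shell
#!/bin/sh
# Added example: print (never execute) the commands for static 1:1 NAT.
# Interface name and all addresses are constructed sample values.

# Succeeds only for a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: static_nat_rules WAN_IF PUBLIC_IP:PRIVATE_IP [...]
static_nat_rules() {
    wan_if=$1; shift
    # Refuse names that could smuggle shell syntax into the printed commands.
    case "$wan_if" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    for pair in "$@"; do
        case "$pair" in
            *:*) pub=${pair%%:*}; priv=${pair#*:} ;;
            *)   echo "bad mapping: $pair" >&2; return 1 ;;
        esac
        if ! valid_ipv4 "$pub" || ! valid_ipv4 "$priv"; then
            echo "bad mapping: $pair" >&2; return 1
        fi
        # Alias: the extra public address sits on the single WAN NIC.
        echo "ip addr add $pub/32 dev $wan_if"
        # Inbound: traffic for the public address goes to the LAN host.
        echo "iptables -t nat -A PREROUTING -i $wan_if -d $pub -j DNAT --to-destination $priv"
        # Outbound: that host always leaves with the same public address.
        echo "iptables -t nat -A POSTROUTING -o $wan_if -s $priv -j SNAT --to-source $pub"
    done
}

# Sample run: two public addresses mapped to two LAN hosts.
static_nat_rules eth0 203.0.113.10:192.168.1.10 203.0.113.11:192.168.1.11
```

Review the printed commands before running them as root; every mapped LAN host becomes reachable on its public address for whatever the FORWARD chain allows.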