You only need to NAT or MASQ if you are connecting to the internet and
hiding RFC 1597 addresses behind your Linux box, or of your linux box
routes to other LANS and those LANs don't have routes back to the other
LANs on your Linux box. The latter course would be a network bodge to
make up for the fact that you hadn't added those routes elsewhere.
You should use iptables MASQ to perform network address translation if
you don't have a static IP on the net direct to the LAN card in your
Linux box, otherwise you should use iptables SNAT.
For example: In my office I have a leased line, an ADSL line and an
office LAN and a private network for backing up the machines on the
leased line. A linux box sits on them all.
there is a 195.x.x.x address space on the leased line (real ips), a
10.x.x.x address space on the backup LAN (rfc 1597 private), 192.168.x.x
office LAN (rfc 1597 private) and 212.21.x.x for the ADSL (real ips).
The linux box SNATs from office LAN to leased line, SNATS to backup LAN
and SNATS to ADSL line. In reality if I added routes on all the servers
on the backup lan stating the 192.168 LAN was via the linux servers
address on the backup lan, then I wouldn't need to SNAT onto the backup
lan (i.e. from one private network to the other), but becuase I have
some 30+ servers onthe backup lan and I couldn't be bothered to do RIP
or setup static routes, and because I mainly just use ssh from the
office lan to the backup lan, I enabled SNAT for those outgoing packets
which makes all office LAN traffic look like it came directly from the
Linux box....and hence no routes where required.
hope this helps
P.
Lee W wrote:
> Johnny Hughes wrote:
>
> <snip>
>
>> You need to do ip-masquerading to pass traffic thru a linux box as a
>> gateway. That requires 2 NICs and an iptables script which does
>> masquerading
>>
>> I use this script to setup that kind of box:
>> http://ldp.hughesjr.com/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER
>>
>>
>>
> Is it absolutely necessary to use IP-Masq / NAT in order to setup
> Linux as a Router?
>
> I'm trying to setup a few Linux machines (Centos of course) as
> convential routers as opposed to Gateways so that I can learn more
> about routing between them on various Subnets.
> All the How-To's I've found talk about Masq, I would appreciate if
> anyone can point me in the direction of a convential Linux router howto.
>
> Thanks in advance
>
> Regards
>
> Lee
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
