Re: SNAT question


On Mon, Nov 23, 2009 at 12:10 PM, Peter Peltonen
<peter.peltonen@xxxxxxxxx> wrote:
> Hi,
>
> I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables.
>
> I have the following setup:
>
> eth0: connects to internet with static public IP 1.2.3.1 (obscured
> here for privacy)
> eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for privacy)
> eth2: connects to LAN with static private IP 192.168.0.1
>
> Traffic to hosts in the DMZ/Internet through eth0/1 works fine.
>
> I tried masquerading the LAN with the following:
>
> iptables -A FORWARD -i eth2 -j ACCEPT
> iptables -A FORWARD -o eth2 -j ACCEPT
> iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.1
>
> After this I can ssh to a server in the Internet from the LAN using
> the server's IP address but not its name. The w command on the server
> tells me that my address has not been masqueraded (it's 192.168.0.2,
> the LAN client's private IP).

If you can ssh to a server on the Internet then your connectivity is
working.  You might want to check if DNS is allowed and working from
the LAN hosts to the Internet.

The fact that 'w' shows your internal IP address is because you're
connecting from the LAN to the gateway, which doesn't trigger the SNAT
because it's not forwarding any packets... only accepting your
connection.

-- 
Giovanni.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
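
The point made in the reply above (SNAT in nat/POSTROUTING applies only to packets the gateway forwards, not to connections that terminate on the gateway itself) can be checked with a small model of the packet path. This is an added example, not code from the thread; the routing table and the Internet host 203.0.113.10 are constructed assumptions, while the interface addresses and the SNAT rule are the ones quoted in the post.

```python
import ipaddress

# Gateway interface addresses as given in the post (public ones are obscured there).
LOCAL_ADDRS = {"1.2.3.1": "eth0", "1.2.3.2": "eth1", "192.168.0.1": "eth2"}

# The poster's rule:
#   -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.1
SNAT_RULES = [
    {"src": ipaddress.ip_network("192.168.0.0/24"), "out": "eth0", "to": "1.2.3.1"},
]

# Simplified routing table (assumption): LAN on eth2, default route via eth0.
ROUTES = [
    (ipaddress.ip_network("192.168.0.0/24"), "eth2"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]

def route(dst):
    """Longest-prefix match; returns the outgoing interface for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def traverse(src, dst):
    """Return (path, source address seen by the destination) for a packet from the LAN."""
    if dst in LOCAL_ADDRS:
        # Addressed to the gateway itself: PREROUTING -> INPUT -> local process.
        # nat/POSTROUTING is never consulted, so the source stays unchanged.
        return "INPUT", src
    out_dev = route(dst)
    for rule in SNAT_RULES:
        if ipaddress.ip_address(src) in rule["src"] and out_dev == rule["out"]:
            return "FORWARD+SNAT", rule["to"]
    return "FORWARD", src

if __name__ == "__main__":
    # ssh from the LAN client to the gateway's public IP vs. to a host beyond it
    for dst in ("1.2.3.1", "203.0.113.10"):
        print(dst, traverse("192.168.0.2", dst))
```

On the real gateway, the packet counters in `iptables -t nat -L POSTROUTING -v -n` show whether the SNAT rule is being hit by forwarded traffic.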
