On Mon, Nov 23, 2009 at 12:10 PM, Peter Peltonen <peter.peltonen@xxxxxxxxx> wrote:
> Hi,
>
> I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables.
>
> I have the following setup:
>
> eth0: connects to internet with static public IP 1.2.3.1 (obscured here for privacy)
> eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for privacy)
> eth2: connects to LAN with static private IP 192.168.0.1
>
> Traffic to hosts in the DMZ/Internet through eth0/1 works fine.
>
> I tried masquerading the LAN with the following:
>
> iptables -A FORWARD -i eth2 -j ACCEPT
> iptables -A FORWARD -o eth2 -j ACCEPT
> iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.1
>
> After this I can ssh to a server in the Internet from the LAN using
> the server's IP address but not its name. The w command on the server
> tells me that my address has not been masqueraded (it's 192.168.0.2,
> the LAN client's private IP).

If you can ssh to a server on the Internet then your connectivity is working. You might want to check if DNS is allowed and working from the LAN hosts to the Internet.

The fact that 'w' shows your internal IP address is because you're connecting from the LAN to the gateway, which doesn't trigger the SNAT because it's not forwarding any packets... only accepting your connection.

--
Giovanni.
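The check below is an added example, not part of either poster's message: it reads the per-rule counters from `iptables-save -c` to see whether the SNAT rule has matched anything, and models the point in the reply that a connection to one of the gateway's own addresses never reaches that rule. The rule dump and its counters are constructed sample data, and `snat_packets`, `packet_path` and `GW_ADDRS` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -c` output for the gateway in the thread.
# The [packets:bytes] counters are made up for illustration.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [120:9000]
:POSTROUTING ACCEPT [40:2400]
:OUTPUT ACCEPT [40:2400]
[0:0] -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.1
COMMIT
*filter
:INPUT ACCEPT [300:24000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [280:30000]
[0:0] -A FORWARD -i eth2 -j ACCEPT
[0:0] -A FORWARD -o eth2 -j ACCEPT
COMMIT'
GW_ADDRS="1.2.3.1 1.2.3.2 192.168.0.1"   # the gateway's own addresses (from the thread)

# Print the packet counter of the first nat POSTROUTING SNAT rule on the given
# outbound interface; return 1 if there is no such rule. nat rules only see the
# first packet of each connection, so this counts connections, not packets.
snat_packets() {  # $1 = iptables-save -c text, $2 = outbound interface
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && /-A POSTROUTING/ && /-j SNAT/ && $0 ~ ("-o " ifc "( |$)") {
            split(substr($1, 2), c, ":"); print c[1]; found = 1; exit
        }
        END { exit !found }'
}

# Netfilter path for a packet arriving from the LAN: a destination that is one
# of the gateway's own addresses is delivered locally (INPUT) and never reaches
# the FORWARD chain or nat POSTROUTING, so SNAT cannot apply to it.
packet_path() {  # $1 = destination IP, $2 = space-separated gateway addresses
    for addr in $2; do
        [ "$1" = "$addr" ] && { echo "INPUT (local delivery, no SNAT)"; return 0; }
    done
    echo "FORWARD -> POSTROUTING (SNAT candidate)"
}

# Stand-alone run against the constructed sample.
echo "SNAT connections matched on eth0: $(snat_packets "$SAMPLE_RULES" eth0)"
echo "ssh to 1.2.3.1:      $(packet_path 1.2.3.1 "$GW_ADDRS")"
echo "ssh to 203.0.113.10: $(packet_path 203.0.113.10 "$GW_ADDRS")"
```

On a live gateway, run `snat_packets "$(iptables-save -c)" eth0` as root before and after a test connection from the LAN; a counter that stays at zero means the test traffic never hit the SNAT rule.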