Re: Routing private and non-private ips

Linux Advanced Routing and Traffic Control

On Wed, 2002-07-17 at 00:37, lartc-request@mailman.ds9a.nl wrote:

> From: Martin A. Brown <mabrown-lartc@securepipe.com>
> To: Lucky <lucky@knup.de>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re:  Routing private and non-private ips
> Date: 16 Jul 2002 13:19:19 -0500
> 
> Lucky,
> 
> If I understand correctly what you are trying to do, it is simple static 
> network address translation.  The following commands should give you 
> static NAT.

Well, that sounds quite good :)
I first got an "RTNETLINK answers: Invalid argument", but D'oh, it was the wrong 
shell ;)

> Choose an IP in your /29 and make it the public IP.  Choose an IP in the 
> internal rfc 1918 network and make it the private IP.  Now try the 
> following:
> 
>   ip route add nat pu.bl.ic.ip via pr.iv.at.ip
>   ip rule add nat pu.bl.ic.ip from pr.iv.at.ip prio $PRIO
>   ip route flush cache

A big thank you, this works so far. I thought that I could give a public
IP to one of the NICs in the server here, and it would be routed directly
to it, but this is also very nice.

I think it works partially now.
If I do a traceroute from a pc on the internet, it goes on up to the
router and stops there.
If I ping the NATed IP from the router, I get:

moria2:~# ping x.x.x.42
ping: sendto: Invalid argument
ping: wrote x.x.x.42 64 chars, ret=-1

Ping to the private one just works fine:

moria2:~# ping 192.168.2.206
PING 192.168.2.206 (192.168.2.206): 56 data bytes
64 bytes from 192.168.2.206: icmp_seq=0 ttl=64 time=0.5 ms


Well, there comes something to my mind: All of the 192.168.2.0/24 gets
masq'ed to the internet on the router. I think I somehow have to exclude
192.168.2.206 (the pr.iv.at.ip) from the masq'ing, right?
Or is the best solution to put the to-be-NATed server in another subnet
(192.168.4.0/24) for example?


> As for the packet filtering, you'll have to make a second set of rules.
> 
> You'll need to allow the packet from outside to the public IP and you'll 
> need to add a second set of rules to allow the packet from outside to the 
> private IP.
> 
> Good luck,
> 
> -Martin
> 


-- 
Lucky
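An added example that is not part of this thread: a bash script that turns the static-NAT recipe quoted above into a checked set of iproute2 commands. It only prints the commands, nothing is applied, and every address in it is constructed: the public /29 is assumed to be 203.0.113.8/29, the chosen public IP 203.0.113.10, the private host 192.168.2.206 as in the thread, and $PRIO 100.

```bash
#!/bin/bash
# Added example, not from the thread. Prints the three commands from the
# reply above after checking the chosen pair; nothing is applied.
# Constructed values: public /29 = 203.0.113.8/29 (TEST-NET-3), public
# IP = 203.0.113.10, private host = 192.168.2.206, PRIO = 100.

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS -> true if IP lies inside the prefix
in_cidr() {
    local net=${2%/*} bits=${2#*/} mask
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# usable_host IP NET/BITS -> true unless IP is the prefix's network or
# broadcast address (neither can serve as "the public IP" of the /29)
usable_host() {
    local bits=${2#*/} hostmask h
    hostmask=$(( (1 << (32 - bits)) - 1 ))
    h=$(( $(ip2int "$1") & hostmask ))
    [ "$h" -ne 0 ] && [ "$h" -ne "$hostmask" ]
}

# is_rfc1918 IP -> true if IP is in one of the RFC 1918 private ranges
is_rfc1918() {
    in_cidr "$1" 10.0.0.0/8 || in_cidr "$1" 172.16.0.0/12 || in_cidr "$1" 192.168.0.0/16
}

# static_nat_cmds PUBLIC_CIDR PUBLIC_IP PRIVATE_IP PRIO
# Validates the pair, then prints the recipe: the nat route translates the
# destination on the way in, the nat rule translates the source on the way out.
static_nat_cmds() {
    local cidr=$1 pub=$2 priv=$3 prio=$4
    in_cidr "$pub" "$cidr"     || { echo "$pub is not inside $cidr" >&2; return 1; }
    usable_host "$pub" "$cidr" || { echo "$pub is the network/broadcast address of $cidr" >&2; return 1; }
    is_rfc1918 "$priv"         || { echo "$priv is not an RFC 1918 address" >&2; return 1; }
    printf 'ip route add nat %s via %s\n' "$pub" "$priv"
    printf 'ip rule add nat %s from %s prio %s\n' "$pub" "$priv" "$prio"
    printf 'ip route flush cache\n'
}

static_nat_cmds 203.0.113.8/29 203.0.113.10 192.168.2.206 100
```

Applying the printed commands still needs root and a kernel that accepts nat routes; an "RTNETLINK answers: Invalid argument" at that point comes from the kernel, not from this script.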

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
