On Mon, 15 Nov 2004, ro0ot wrote:

> Hi,
>
> Below is my Linux firewall network configuration:
>
> eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252
> eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252
> eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0
> eth3 - dmz, IP: 192.168.0.254, Netmask: 255.255.255.0
>
> isp 1 gateway: 1.1.1.9
> isp 2 gateway: 2.2.2.9
>
> Below are my iptables rules:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> iptables -t nat -A PREROUTING -d 1.1.1.10 -j DNAT --to-destination 172.16.0.1
> iptables -t nat -A PREROUTING -d 2.2.2.10 -j DNAT --to-destination 192.168.0.1
>
> iptables -t nat -A POSTROUTING -s 172.16.0.1 -j SNAT --to-source 1.1.1.10
> iptables -t nat -A POSTROUTING -s 192.168.0.1 -j SNAT --to-source 2.2.2.10

POSTROUTING (as the name says) happens after all routing decisions are made, just before the packet reaches the line. So you need some more ip rules to push the packets the right way.

> When I perform a traceroute from a workstation with the IP address of
> 192.168.0.1 and gateway 192.168.0.254, I can see the result of the traceroute
> going through the 1.1.1.9 gateway, why? It is supposed to SNAT to 2.2.2.10 via
> the 2.2.2.9 gateway.

greets,
Tami

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
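Tami's reply says that the route is chosen before POSTROUTING runs, so SNAT alone cannot steer a packet towards the second ISP; the kernel still sees the private source address (172.16.0.1 or 192.168.0.1) when it picks a route, which is exactly what `ip rule ... from` can key on. The following script is an added example, not part of the thread and not ro0ot's or Tami's code. It uses the interfaces, addresses and gateways from ro0ot's post; the routing table IDs 101/102, the DRY_RUN switch and the rp_filter setting are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the LARTC thread): source-based policy routing so
# that traffic from each internal host leaves through the ISP whose address
# it is SNATed to.  The routing decision precedes POSTROUTING, so the source
# address seen at lookup time is still the private one; the ip rules below
# select a per-ISP table on that address.
#
# Interfaces, addresses and gateways are those in ro0ot's post.  Table IDs
# 101/102, DRY_RUN and the rp_filter change are assumptions of this example.
set -u

ISP1_IF=eth0; ISP1_IP=1.1.1.10; ISP1_GW=1.1.1.9; ISP1_NET=1.1.1.8/30
ISP2_IF=eth1; ISP2_IP=2.2.2.10; ISP2_GW=2.2.2.9; ISP2_NET=2.2.2.8/30
LAN_HOST=172.16.0.1     # DNAT target behind 1.1.1.10 (from the post)
DMZ_HOST=192.168.0.1    # DNAT target behind 2.2.2.10 (from the post)
T_ISP1=101; T_ISP2=102  # assumed routing table IDs

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).
DRY_RUN="${DRY_RUN:-1}"
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

policy_routing() {
    # One table per ISP: the link route plus a default route via that ISP.
    run ip route add "$ISP1_NET" dev "$ISP1_IF" src "$ISP1_IP" table "$T_ISP1"
    run ip route add default via "$ISP1_GW" dev "$ISP1_IF" table "$T_ISP1"
    run ip route add "$ISP2_NET" dev "$ISP2_IF" src "$ISP2_IP" table "$T_ISP2"
    run ip route add default via "$ISP2_GW" dev "$ISP2_IF" table "$T_ISP2"

    # Choose the table by the source address as seen at routing time: the
    # private address for forwarded (pre-SNAT) packets, and the public one
    # for traffic the firewall itself sends from a socket bound to it.
    run ip rule add from "$LAN_HOST" table "$T_ISP1"
    run ip rule add from "$ISP1_IP" table "$T_ISP1"
    run ip rule add from "$DMZ_HOST" table "$T_ISP2"
    run ip rule add from "$ISP2_IP" table "$T_ISP2"

    # Packets for 2.2.2.10 arrive on eth1 while the main table's default
    # route points at eth0, so strict reverse-path filtering would drop them.
    # Loose mode (2) exists since Linux 2.6.31; on older kernels use 0.
    run sysctl -w "net.ipv4.conf.$ISP1_IF.rp_filter=2"
    run sysctl -w "net.ipv4.conf.$ISP2_IF.rp_filter=2"

    run ip route flush cache
}

policy_routing
```

Run it once as-is to review the generated commands, then with `DRY_RUN=0` as root to apply them. The main table keeps whatever default route the box already has (in the post that is evidently via 1.1.1.9), so anything not matched by a `from` rule still goes out through ISP 1; if the SNAT rules are later widened to whole subnets, widen the `ip rule add from` entries to the same prefixes, otherwise the other hosts will again be routed by the main table and leave with the wrong source address.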