Hi Tami,
I added the following and it helps...
ip rule add nat 1.1.1.10 from 172.16.0.1 table 1
ip rule add nat 2.2.2.10 from 192.168.0.1 table 2
Is the above two lines correct?
Regards,
ro0ot
Paul Zirnik wrote:
On Mon, 15 Nov 2004, ro0ot wrote:
Hi,
Below is my Linux firewall network configuration: -
eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252
eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252
eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0
eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0
isp 1 gateway: 1.1.1.9
isp 2 gateway: 2.2.2.9
Below is my iptables rules: -
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -d 1.1.1.10 -j DNAT --to-destination 172.16.0.1
iptables -t nat -A PREROUTING -d 2.2.2.10 -j DNAT --to-destination 192.168.0.1
iptables -t nat -A POSTROUTING -s 172.16.0.1 -j SNAT --to-source 1.1.1.10
iptables -t nat -A POSTROUTING -s 192.168.0.1 -j SNAT --to-source 2.2.2.10
POSTROUTING (as the name says) happens after all routing decisions
are made, just before the packet reaches the line.
So you need some more ip rules to push the packets the right way.
When I perform a traceroute from a workstation with the IP address of
192.168.0.1 and gateway 192.168.0.254, I can see the result of the traceroute
going through the 1.1.1.9 gateway, why? It's supposed to SNAT to 2.2.2.10 via the
2.2.2.9 gateway.
greets,
Tami
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
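The point Paul makes above (SNAT in POSTROUTING runs after the route has already been chosen) is usually solved with source-based policy routing rather than with the old route-based `ip rule ... nat` fast-NAT entries, which are a separate, stateless mechanism and were dropped from 2.6 kernels. Below is an added example, not code posted in the thread, that emits the `ip route` / `ip rule` commands for the two hosts in ro0ot's setup: one routing table per ISP holding only that ISP's default route, plus a rule keyed on the original inside source address (the one the kernel sees when it routes, before SNAT rewrites it). Table ids 1 and 2 and the dry-run/APPLY=1 convention are assumptions of this example; the interfaces, addresses and gateways are the ones listed in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): source-based policy routing for the
# two-ISP firewall above. A reply from 192.168.0.1 is routed while its source
# is still 192.168.0.1; only afterwards does POSTROUTING SNAT it to 2.2.2.10.
# So the rule that picks the ISP 2 table must match on 192.168.0.1, not on
# 2.2.2.10. Table ids 1 and 2 are assumptions of this example.
set -u

# Print each command; with APPLY=1 in the environment also run it (needs root).
emit() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    fi
}

# route_via_isp TABLE INSIDE_HOST ISP_GATEWAY ISP_IFACE
# One default route in the per-ISP table, and a rule sending packets whose
# (pre-SNAT) source is INSIDE_HOST to that table.
route_via_isp() {
    emit ip route replace default via "$3" dev "$4" table "$1"
    emit ip rule add from "$2" table "$1"
}

# The thread's two DNAT/SNAT hosts: LAN host out via ISP 1, DMZ host via ISP 2.
plan_for_thread() {
    route_via_isp 1 172.16.0.1  1.1.1.9 eth0
    route_via_isp 2 192.168.0.1 2.2.2.9 eth1
    # Drop cached routes so earlier decisions for these hosts are not reused
    # (harmless on kernels that no longer keep a route cache).
    emit ip route flush cache
}

plan_for_thread
```

Run it as-is to see the commands, or `APPLY=1 sh policy-route.sh` on the firewall to apply them. Afterwards `ip route get 4.4.4.4 from 192.168.0.1 iif eth3` (any outside address will do) should report `via 2.2.2.9 dev eth1`, which is the decision POSTROUTING's SNAT to 2.2.2.10 then rides on. Note that `ip rule add` is not idempotent: re-running the script adds duplicate rules, so delete the old ones (`ip rule del from 192.168.0.1 table 2`) before re-applying.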