OK - I did that (can't believe I missed that...) :-/

However, now I have something else weird happening. I can successfully ping out to hosts that are on my "public" network (our /26 net that the ISP gives us.) However, I can't seem to get past the router, and the tracert looks weird:

C:\>tracert -d 207.157.9.151

Tracing route to 207.157.9.151 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.227.1.1
  2     1 ms     1 ms     1 ms  10.200.227.1
  3     3 ms     3 ms     3 ms  10.1.2.41
  4     4 ms     4 ms     4 ms  207.157.9.151

I never see either interface that is in the firewall/NAT box. It goes straight from the router that is at the core (10.1.2.41) to the "public" address on our subnet. Weird.

>>> Steve Mickeler <steve@xxxxxxxxxx> 03/18/03 12:59PM >>>
On Tue, 18 Mar 2003, Greg Dickinson wrote:

> Hello all,
>
> This question will undoubtedly get me branded as a n00b :-) but I am about to go insane trying to figure this out. Am I doing something wrong?
>
> Here's the scenario:
>
> I have a RedHat 8 (Kernel 2.4-18) firewall that I am going to run squid on, as well as do some static NATting for some of the administrative PC's here. I have configured the Cisco router to direct all the traffic from the affected /24 subnet to the linux box, and I am trying to do a 1-to-1 NAT so we can do things like Terminal Services, etc. across the internet. I am using the following commands (the addresses are for my PC)
>
> iptables -t nat -A POSTROUTING -s 10.227.101.4 -j SNAT --to 207.157.9.<something>
> iptables -t nat -A PREROUTING -s 207.157.9.<something> -j DNAT --to 10.227.101.4

Change the -s to -d on the PREROUTING rule.

iptables -t nat -A PREROUTING -d 207.157.9.X -j DNAT --to 10.227.101.4
iptables -t nat -A POSTROUTING -s 10.227.101.4 -j SNAT --to 207.157.9.X

>
> And all the traffic summarily dies at the firewall :-)
>
> I have aliased the 207.157.9.<something> address to the eth1 interface of the firewall. What simple, obvious thing have I missed?
>
> TIA,
>
> --Greg
>
> Gregory B. Dickinson, CNE CCNA
> Systems Engineer
> Logista Solutions
> (205) 231-5602
> (tQ = 2b|!2b)
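
Added example, not part of the original thread: a toy Python model of nat-table matching for new connections, showing where an inbound packet ends up under the PREROUTING rule matched with -s versus -d. The client address 198.51.100.7 is constructed, "207.157.9.X" is kept as the thread's placeholder, and all class and function names are hypothetical; connection tracking and the filter table are not modelled.

```python
# Toy model of -s/-d matching in the nat table. It is not netfilter and
# covers only the first packet of a new connection.
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC = "207.157.9.X"     # placeholder exactly as written in the thread
INSIDE = "10.227.101.4"    # inside host from the thread
CLIENT = "198.51.100.7"    # constructed Internet client (documentation range)
FIREWALL_LOCAL = {PUBLIC}  # the public address is aliased on the firewall's eth1

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class Rule:
    chain: str                 # "PREROUTING" or "POSTROUTING"
    target: str                # "DNAT" or "SNAT"
    to: str                    # --to address
    s: Optional[str] = None    # -s match (None = any source)
    d: Optional[str] = None    # -d match (None = any destination)

def apply_chain(rules, chain, pkt):
    """The first matching rule in the chain rewrites the packet."""
    for r in rules:
        if r.chain != chain:
            continue
        if (r.s is None or r.s == pkt.src) and (r.d is None or r.d == pkt.dst):
            return replace(pkt, dst=r.to) if r.target == "DNAT" else replace(pkt, src=r.to)
    return pkt

def traverse(rules, pkt):
    """Return (fate, packet) for a new connection arriving at the firewall."""
    pkt = apply_chain(rules, "PREROUTING", pkt)
    if pkt.dst in FIREWALL_LOCAL:      # routing decision comes after PREROUTING
        return "local", pkt            # delivered to the firewall itself, not forwarded
    return "forwarded", apply_chain(rules, "POSTROUTING", pkt)

SNAT_RULE = Rule("POSTROUTING", "SNAT", PUBLIC, s=INSIDE)
ORIGINAL = [SNAT_RULE, Rule("PREROUTING", "DNAT", INSIDE, s=PUBLIC)]   # -s, as first posted
CORRECTED = [Rule("PREROUTING", "DNAT", INSIDE, d=PUBLIC), SNAT_RULE]  # -d, as in the reply

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, "inbound :", traverse(rules, Packet(CLIENT, PUBLIC)))
        print(name, "outbound:", traverse(rules, Packet(INSIDE, CLIENT)))
```
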