RE: Problems with NAT - it worked !

What I read was that MASQUERADE should be used for changing IP machines like dialup or DHCP LAN workstations etc. SNAT/DNAT was more for servers with static IPs.

It didn't say why and what things could happen, just that it was good networking to do it that way...

-----Original Message-----
From: Jose Luis Hime [mailto:jhime@xxxxxxxxxxxxxx]
Sent: Friday, May 30, 2003 9:34 PM
To: 'Matt Hellman'; jhime@xxxxxxxxxxxxxx; George Vieira; 'Ray Leach';
'Netfilter Mailing List'
Subject: RE: Problems with NAT - it worked !


This tip worked perfectly! I will do the command:

-t nat -A POSTROUTING -s LAN-A -d LAN-B -j ACCEPT

to every known destination.

Just to finish, I've heard from many people that using SNAT could cause
problems and I'd better use MASQUERADING...

Is that true ? The NAT how-to says the opposite...

Well, thanks to everyone, especially to George Vieira. I hope he could
finally finish his job after I stopped bothering him!

Jose Hime


-----Original Message-----
From: Matt Hellman [mailto:netfilter@xxxxxxxxxxxxxxxxx]
Sent: Thursday, May 29, 2003 10:59 PM
To: jhime@xxxxxxxxxxxxxx; 'George Vieira'; 'Ray Leach'; 'Netfilter
Mailing List'
Subject: RE: Problems with NAT


never tried it, but why couldn't you just add ACCEPT rules in PREROUTING
[before the NAT rule] for each LAN not_to_be_natted?

-t nat -A POSTROUTING -s LAN A -d LAN B -j ACCEPT
-t nat -A POSTROUTING -s LAN A -d LAN C -j ACCEPT
-t nat -A POSTROUTING -s LAN A -d 0/0 -j SNAT --to Firewall_IP_address


>-----Original Message-----
>From: netfilter-admin@xxxxxxxxxxxxxxxxxxx 
>[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] 
>Sent: Thursday, May 29, 2003 6:03 PM
>To: 'George Vieira'; jhime@xxxxxxxxxxxxxx; 'Ray Leach'; 
>'Netfilter Mailing List'
>Subject: RE: Problems with NAT
>
>
>The addresses are the following:
>
>LAN A: 172.25.0.0 / 255.255.0.0
>LAN B: 172.28.0.0 / 255.255.0.0
>LAN C: 10.0.0.0 / 255.0.0.0
>LAN D: 159.254.172.0 / 255.255.255.0
>LAN E: 164.137.0.0 / 255.255.0.0
>
>LANs A and B are from the company I work for.
>LANs C, D and E are from customers of ours.
>
>Thanks,
>Jose Hime
>
>-----Original Message-----
>From: George Vieira [mailto:georgev@xxxxxxxxxxxxxxxxxxxxxx]
>Sent: Thursday, May 29, 2003 7:09 PM
>To: jhime@xxxxxxxxxxxxxx; Ray Leach; Netfilter Mailing List
>Subject: RE: Problems with NAT
>
>
>What are the IP ranges for the other networks? Are they the 
>same subnet or different ones?
>Need more info so we can determine the needs..
>
>PS: Nice drawing ;P
>
>Thanks,
>____________________________________________
>George Vieira
>Systems Manager
>georgev@xxxxxxxxxxxxxxxxxxxxxx
>
>Citadel Computer Systems Pty Ltd
>http://www.citadelcomputer.com.au
>
>Phone   : +61 2 9955 2644
>HelpDesk: +61 2 9955 2698
> 
>
>-----Original Message-----
>From: Jose Luis Hime [mailto:jhime@xxxxxxxxxxxxxx]
>Sent: Friday, May 30, 2003 3:15 AM
>To: 'Ray Leach'; 'Netfilter Mailing List'
>Subject: RE: Problems with NAT
>
>
>The problem is that there are LAN C, LAN D and LAN E in other 3 cities,
>also! So, the rule:
>
>-t nat -A POSTROUTING -s LAN A -d ! LAN B -j SNAT --to 
>Firewall_IP_address
>
>would work for LAN B, but not for the other LANs.
>
>All LANs are connected to the same router.
>
>Thanks again,
>Jose Hime
>
>
>-----Original Message-----
>From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
>[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Ray Leach
>Sent: Thursday, May 29, 2003 12:55 PM
>To: Netfilter Mailing List
>Subject: Re: Problems with NAT
>
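
The rule ordering discussed in this thread (ACCEPT exemptions in nat POSTROUTING ahead of a catch-all SNAT), modelled as an added example that is not part of any poster's message: it builds the chain from the LAN addresses posted above, renders the iptables commands, and evaluates them first-match to show which destinations get translated. The firewall address `192.0.2.1`, the function names, and the choice to exempt LANs B through E are assumptions made for illustration.

```python
import ipaddress

# LAN addresses as posted in the thread (network / netmask).
LANS = {
    "A": "172.25.0.0/255.255.0.0",
    "B": "172.28.0.0/255.255.0.0",
    "C": "10.0.0.0/255.0.0.0",
    "D": "159.254.172.0/255.255.255.0",
    "E": "164.137.0.0/255.255.0.0",
}
FIREWALL_IP = "192.0.2.1"  # constructed placeholder, not from the thread


def build_chain(source="A", exempt=("B", "C", "D", "E")):
    """Return nat POSTROUTING rules as (src, dst, target), exemptions first."""
    src = ipaddress.ip_network(LANS[source])
    chain = [(src, ipaddress.ip_network(LANS[n]), "ACCEPT") for n in exempt]
    # Catch-all SNAT must come last: the chain stops at the first match.
    chain.append((src, ipaddress.ip_network("0.0.0.0/0"), "SNAT"))
    return chain


def render(chain):
    """Render the chain as iptables commands, in evaluation order."""
    lines = []
    for src, dst, target in chain:
        rule = f"iptables -t nat -A POSTROUTING -s {src} -d {dst} -j {target}"
        if target == "SNAT":
            rule += f" --to-source {FIREWALL_IP}"
        lines.append(rule)
    return lines


def verdict(chain, src_ip, dst_ip):
    """First-match evaluation; no match means the packet leaves untranslated."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src, dst, target in chain:
        if s in src and d in dst:
            return target
    return "ACCEPT"


if __name__ == "__main__":
    chain = build_chain()
    print("\n".join(render(chain)))
    print(verdict(chain, "172.25.1.10", "10.1.2.3"))      # host in LAN C
    print(verdict(chain, "172.25.1.10", "198.51.100.7"))  # any other destination
```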


