What I read was that MASQUERADE should be used for changing IP machines like dialup or DHCP lan workstations etc.. SNAT/DNAT was more for servers with static IPs. It didn't say why and what things could happen, just that it was good networking to do it that way... -----Original Message----- From: Jose Luis Hime [mailto:jhime@xxxxxxxxxxxxxx] Sent: Friday, May 30, 2003 9:34 PM To: 'Matt Hellman'; jhime@xxxxxxxxxxxxxx; George Vieira; 'Ray Leach'; 'Netfilter Mailing List' Subject: RE: Problems with NAT - it worked ! This tip worked perfectly! I will do the command: -t nat -A POSTROUTING -s LAN-A -d LAN-B -j ACCEPT to every known destination. Just to finish, I've heard from many people that using SNAT could cause problems and I better using MASQUERADING... Is that true ? The NAT how-to says the opposite... Well, thanks to everyone, specially to George Vieira. I hope he could finally finish his job after I stopped bothering him! Jose Hime -----Original Message----- From: Matt Hellman [mailto:netfilter@xxxxxxxxxxxxxxxxx] Sent: Thursday, May 29, 2003 10:59 PM To: jhime@xxxxxxxxxxxxxx; 'George Vieira'; 'Ray Leach'; 'Netfilter Mailing List' Subject: RE: Problems with NAT never tried it, but why couldn't you just add ACCEPT rules in PREROUTING [before the NAT rule] for each LAN not_to_be_natted? -t nat -A POSTROUTING -s LAN A -d LAN B -j ACCEPT -t nat -A POSTROUTING -s LAN A -d LAN C -j ACCEPT -t nat -A POSTROUTING -s LAN A -d 0/0 -j SNAT --to Firewall_IP_address >-----Original Message----- >From: netfilter-admin@xxxxxxxxxxxxxxxxxxx >[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] >Sent: Thursday, May 29, 2003 6:03 PM >To: 'George Vieira'; jhime@xxxxxxxxxxxxxx; 'Ray Leach'; >'Netfilter Mailing List' >Subject: RE: Problems with NAT > > >The addresses are the following: > >LAN A: 172.25.0.0 / 255.255.0.0 >LAN B: 172.28.0.0 / 255.255.0.0 >LAN C: 10.0.0.0 / 255.0.0.0 >LAN D: 159.254.172.0 / 255.255.255.0 >LAN E: 164.137.0.0 / 255.255.0.0 > >LANs A and B are from the company I work for. >LANs C, D and E are from custommers of ours. > >Thanks, >Jose Hime > >-----Original Message----- >From: George Vieira [mailto:georgev@xxxxxxxxxxxxxxxxxxxxxx] >Sent: Thursday, May 29, 2003 7:09 PM >To: jhime@xxxxxxxxxxxxxx; Ray Leach; Netfilter Mailing List >Subject: RE: Problems with NAT > > >What is the IP ranges for the other networks? Are they the >same subnet or different ones? >Ned more info so we can determine the needs.. > >PS: Nice drawing ;P > >Thanks, >____________________________________________ >George Vieira >Systems Manager >georgev@xxxxxxxxxxxxxxxxxxxxxx > >Citadel Computer Systems Pty Ltd >http://www.citadelcomputer.com.au > >Phone : +61 2 9955 2644 >HelpDesk: +61 2 9955 2698 > > >-----Original Message----- >From: Jose Luis Hime [mailto:jhime@xxxxxxxxxxxxxx] >Sent: Friday, May 30, 2003 3:15 AM >To: 'Ray Leach'; 'Netfilter Mailing List' >Subject: RE: Problems with NAT > > >The problem is that there are LAN C, LAN D and LAN E in other 3 cities, >also! So, the rule: > >-t nat -A POSTROUTING -s LAN A -d ! LAN B -j SNAT --to >Firewall_IP_address > >would work for LAN B, but not for the other LANs. > >All LANs are connected to the same router. > >Thanks again, >Jose Hime > > >-----Original Message----- >From: netfilter-admin@xxxxxxxxxxxxxxxxxxx >[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Ray Leach >Sent: Thursday, May 29, 2003 12:55 PM >To: Netfilter Mailing List >Subject: Re: Problems with NAT >
