On Tuesday 16 March 2004 1:20 pm, Luis Hernán Otegui wrote:

> I manage a network with a proxy server (running SQUID and IPTABLES, kernel
> 2.4.18-14) which used to have two NICs, both networks attached to those
> NICs with public IP addresses. Recently, we had to put a third NIC in the
> proxy, with private reserved (10.0.0.x) addresses. So, we had to masquerade
> all the traffic from the two "internal" networks. Here's the diagram:
>
>     INTERNET
>         |                      (public IPs network(A))
>         |                     /
> (corporative LAN)-----(proxy)<
>                               \
>                                (private IPs network(B))
>
> So far, so good, but the point is that I need the servers in the (A)
> network to maintain their IPs, since they're well known in the net. And
> also we need the hosts in the (B) network to be masqued, since their IPs
> cannot be routed over the internet.
> My questions are:
> a) Is there any way to masquerade only the (B) network? Currently, I have
> a line like this in the *nat section of the /etc/sysconfig/iptables file:
> -A POSTROUTING -o eth0 -j MASQUERADE
> b) Is there any better way to do this?

Sure:

    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 -j MASQUERADE

Replace 192.168.0.0/16 with whatever describes your network B subnet.

Regards,

Antony.

-- 
"Reports that say that something hasn't happened are always interesting to me,
because as we know, there are known knowns; there are things we know we know.
We also know there are known unknowns; that is to say we know there are some
things we do not know. But there are also unknown unknowns - the ones we don't
know we don't know."

 - Donald Rumsfeld, US Secretary of Defence

Please reply to the list; please don't CC me.
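
Added example, not part of the original message: a Python check that reads a ruleset in iptables-save format (the layout of /etc/sysconfig/iptables) and lists the MASQUERADE rules that would also rewrite a network meant to keep its own addresses. The sample ruleset, 10.0.0.0/24 for network B, 192.0.2.0/24 standing in for network A, and the function names are assumptions.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format. 10.0.0.0/24 (network B) and
# 192.0.2.0/24 (documentation range standing in for network A) are assumptions.
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""


def masquerade_rules(ruleset):
    """Yield (rule_text, source_network) for each MASQUERADE rule in *nat POSTROUTING."""
    table = None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]  # "*nat", "*filter", ... start a new table section
            continue
        if table != "nat" or not line.startswith("-A POSTROUTING"):
            continue
        args = shlex.split(line)
        opts = dict(zip(args, args[1:]))  # each option mapped to the token after it
        if opts.get("-j") != "MASQUERADE":
            continue
        # No -s means the rule matches every source address.
        src = opts.get("-s") or opts.get("--source") or "0.0.0.0/0"
        if "!" in args:
            src = "0.0.0.0/0"  # negated match: treat conservatively as "any source"
        yield line, ipaddress.ip_network(src, strict=False)


def rules_rewriting(ruleset, must_keep_net):
    """Return the MASQUERADE rules whose source match overlaps must_keep_net."""
    keep = ipaddress.ip_network(must_keep_net)
    return [rule for rule, src in masquerade_rules(ruleset) if src.overlaps(keep)]


if __name__ == "__main__":
    for rule in rules_rewriting(SAMPLE_NAT, "192.0.2.0/24"):
        print("also masquerades network A:", rule)
```

Run against the real file, the unscoped "-o eth0 -j MASQUERADE" line is the one reported for network A; the rule restricted with -s to network B is not.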