Well, that's easy. When you know the ports you want to map through the interfaces, just do
iptables -t nat -A POSTROUTING -m multiport -p tcp -s 172.17.1.8 --dports 25,110,1723,1701,47 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -o eth2 -j MASQUERADE
or even better
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -o eth2 -j SNAT --to-source $ETH2_IP
Those are simple states; you might add --syn or -m state, it's your choice anyway.
Hi!
I have the following:
A RedHat 9.0 with 3 network cards: one we use on the local network (eth1) and the others (eth0 and eth2) to access the internet.
I'd like to separate the traffic: use eth0 only for the e-mail server (pop, smtp, 1723, 1701 and protocol 47) and eth0 for other traffic (http, https, msn...).
I tried
iptables -t nat -A POSTROUTING -o eth2 -s 172.17.1.8 -j MASQUERADE (this IP address is the pop and smtp server)
iptables -t nat -A POSTROUTING -o eth0 -s 172.17.0.0/16 -j MASQUERADE
But when I did this I could not access ports 1723 and 1701 and protocol 47 using eth2.
I also tried using only iptables -t nat -A POSTROUTING -o eth2 -s 172.17.0.0/16 -j MASQUERADE
And I got the same problem.
If I use iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -j MASQUERADE
I get successful access. It works only when I use iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -j MASQUERADE (without -o eth2 or -o eth0).
Who could help me?
Thanks
Sebastião Antônio Campos
Infojoi Computadores Ltda
Joinville - SC - R. Iririú, 3587
Cml. (47) 437-0796 - Cel. (47) 9927-5349
tiao@xxxxxxxxxxxxxx
http://www.lupusnet.com.br
-- www.supportivo.org
I can't stop myself checking for pigs in the outlets. Everybody thinks I'm a punk, cause of the hairstyle (220V).
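
An added example, not part of either message above: the `-o` match in POSTROUTING only sees the interface that routing has already picked, so steering the mail host's traffic out eth0 also needs a packet mark and a policy route. The script prints the rules for review instead of running them. Assumptions not taken from the thread: the gateway and SNAT addresses (documentation ranges), mark 1, table 100, a main default route that already leaves via eth2, and reverse-path filtering on eth0 that lets the replies in.

```shell
#!/bin/sh
# Added example: prints (does not run) the rules so they can be reviewed first.
# Interface roles and addresses of the LAN and mail host follow the thread;
# mark value and routing table number are assumed.
LAN_IF=eth1; MAIL_IF=eth0; REST_IF=eth2
LAN_NET=172.17.0.0/16; MAIL_HOST=172.17.1.8
MARK=1; TABLE=100

# emit_split_nat MAIL_GW MAIL_SNAT_IP REST_SNAT_IP
emit_split_nat() {
    mail_gw=$1; mail_ip=$2; rest_ip=$3
    m="iptables -t mangle -A PREROUTING -i $LAN_IF -s $MAIL_HOST"
    # Mark the mail host's traffic before the routing decision.
    # Each protocol needs its own match: SMTP, POP3 and PPTP control are TCP,
    # L2TP is UDP 1701, and GRE is IP protocol 47 (it has no ports).
    echo "$m -p tcp -m multiport --dports 25,110,1723 -j MARK --set-mark $MARK"
    echo "$m -p udp --dport 1701 -j MARK --set-mark $MARK"
    echo "$m -p 47 -j MARK --set-mark $MARK"
    # Marked packets use a separate table whose default route leaves via MAIL_IF.
    echo "ip route add default via $mail_gw dev $MAIL_IF table $TABLE"
    echo "ip rule add fwmark $MARK table $TABLE"
    # NAT follows routing: one SNAT rule per uplink, matched on the chosen interface.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $MAIL_IF -j SNAT --to-source $mail_ip"
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $REST_IF -j SNAT --to-source $rest_ip"
}

# Constructed sample values: gateway on eth0, eth0 address, eth2 address.
emit_split_nat 192.0.2.1 192.0.2.10 198.51.100.10
```

Pipe the output to `sh` as root once the addresses match the real uplinks.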