On Wednesday 15 June 2005 10:35, González Sandoval Luis Rolando wrote:
> I'm looking for information about one to one NAT and its configuration
> with IPTABLES v1.2.7a.
>
> My requirements are:
> 1. Map IP address for the segment 10.129.41.0/24 for an IP address of
> 192.168.20.0/24
>
> #NAT 1:1
> $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.20.183/32 -j SNAT --to 10.129.41.242
> $IPTABLES -t nat -A PREROUTING -i eth1 -d 10.129.41.242/32 -j DNAT --to 192.168.20.183
>
> # Allow forwarding to each of the servers configured for 1:1 NAT
> # (For connections originating from the Internet. Notice how you
> # use the real IP addresses here)
>
> $IPTABLES -A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.20.183 \
> -m state --state NEW -j ACCEPT

I think you need rules like these for each host you wish to NAT. You might be able to combine your FORWARD (filter table) rules into one rule. If you're doing this by means of a shell script you could use a "for" loop, easier if you were mapping 10.129.41.x to 192.168.20.x.

Why not just directly assign your Internet IPs to the hosts in your eth1 segment? You can route to them and control access by means of FORWARD rules. All this NAT seems harder to maintain.

-- 
mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
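
The "for" loop suggested in the reply, as an added example that is not part of the original thread: it prints the three rules per host for a list of last-octet mappings and validates every mapping before emitting anything. It assumes eth0 faces the 10.129.41.0/24 side and eth1 the 192.168.20.0/24 side, so the DNAT rule matches on eth0; the function names, variable names and host list are illustrative.

```shell
#!/bin/sh
# Added example (dry run): prints the iptables commands, does not run them.
# Assumed: eth0 is the 10.129.41.0/24 side, eth1 the 192.168.20.0/24 side.
IPTABLES="${IPTABLES:-iptables}"
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
EXT_NET="10.129.41"
INT_NET="192.168.20"

# Accept 1..254 only; reject empty, non-digits, leading zeros and 4+ digits
# so a typo cannot turn into a rule for an unintended address.
valid_octet() {
    case "$1" in ''|0*|*[!0-9]*|????*) return 1 ;; esac
    [ "$1" -le 254 ]
}

# Arguments are INT:EXT last-octet pairs; a bare N means N:N (the x-to-x case).
# Every argument is validated before any rule is printed.
gen_nat_rules() {
    for pair in "$@"; do
        if ! valid_octet "${pair%%:*}" || ! valid_octet "${pair#*:}"; then
            echo "bad mapping: $pair" >&2
            return 1
        fi
    done
    for pair in "$@"; do
        int="$INT_NET.${pair%%:*}"
        ext="$EXT_NET.${pair#*:}"
        echo "$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -s $int/32 -j SNAT --to $ext"
        echo "$IPTABLES -t nat -A PREROUTING -i $EXT_IF -d $ext/32 -j DNAT --to $int"
        echo "$IPTABLES -A FORWARD -p tcp -i $EXT_IF -o $INT_IF -d $int -m state --state NEW -j ACCEPT"
    done
}

# Constructed host list: the thread's 183<->242 pair plus two same-octet hosts.
gen_nat_rules 183:242 184 185
```

Review the printed commands before applying them; piping the output to `sh` as root loads the rules.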