I'm looking for information about one-to-one NAT and its configuration with IPTABLES v1.2.7a.

My requirements are:

1. Map IP addresses of the segment 10.129.41.0/24 to IP addresses of 192.168.20.0/24

My firewall machine has three NICs:

1. NIC eth0 for the segment 10.129.41.0/24
2. NIC eth1 for the segment 192.168.20/24
3. NIC eth2 for the segment 10.149.50.0/22

Please, if someone can help me, I would appreciate it... I'm reading the Firewall Linux book, chapter seven, and I researched on the web, but I failed in my script. If you can guide me about my requirement, thanks.

I'm using the following iptables script:

#!/bin/bash
IPTABLES=/usr/sbin/iptables

echo "Cargando Modulos Espere..."
/sbin/depmod -a
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
echo "Modulos ARRIBA"

echo "IP Forward habilitado"
echo "1" > /proc/sys/net/ipv4/ip_forward

#$IPTABLES -P INPUT DROP #Default policy for INPUT ---> DROP
#$IPTABLES -P FORWARD DROP #Default policy for VALID_IO ---> DROP
#$IPTABLES -P OUTPUT DROP #Default policy for OUTPUT ---> DROP
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES --flush
$IPTABLES --flush
$IPTABLES -t nat --flush
$IPTABLES --delete-chain
echo "Politica por defecto arriba"

$IPTABLES -A INPUT -i lo -j ACCEPT #Everything is allowed on the loopback interface
$IPTABLES -A OUTPUT -o lo -j ACCEPT #Everything is allowed on the loopback interface

#LIST OF ADDRESSES AUTHORIZED TO ENTER THE PROTECTED NETWORK
$IPTABLES -A FORWARD -s 10.129.41.123 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -s 10.129.41.123 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -s 10.129.48.43 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -s 10.129.48.43 -m state --state NEW -j ACCEPT

#NAT 1:1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.20.183/32 -j SNAT --to 10.129.41.242
$IPTABLES -t nat -A PREROUTING -i eth1 -d 10.129.41.242/32 -j DNAT --to 192.168.20.183

# Allow forwarding to each of the servers configured for 1:1 NAT
# (For connections originating from the Internet. Notice how you
# use the real IP addresses here)
$IPTABLES -A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.20.183 \
-m state --state NEW -j ACCEPT

# Allow forwarding for all New and Established SNAT connections
# originating on the home network AND already established
# DNAT connections
$IPTABLES -A FORWARD -t filter -o eth0 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow forwarding for all 1:1 NAT connections originating on
# the Internet that have already passed through the NEW forwarding
# statements above
$IPTABLES -A FORWARD -t filter -i eth0 -m state \
--state ESTABLISHED,RELATED -j ACCEPT

Ing. Luis González Sandoval
Ingeniería de Sistemas - Cx UEN GRM
Tel. 2838030
LGonzalezSa@xxxxxxxxx
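
One way to express the 1:1 mapping asked about above, as an added example that is not part of the original post: a small generator that prints, for each external/internal pair, the DNAT, SNAT and FORWARD rules, with DNAT matched on eth0, the interface on which packets addressed to 10.129.41.242 arrive. The second pair in the table is constructed, the function and variable names are hypothetical, and it is assumed that traffic for each external address is actually delivered to the firewall (for example as an additional address on eth0).

```bash
#!/bin/bash
# Added example: prints 1:1 NAT rules for review instead of applying them.
IPTABLES=${IPTABLES:-/usr/sbin/iptables}
EXT_IF=eth0   # 10.129.41.0/24 side (from the post)
INT_IF=eth1   # 192.168.20.0/24 side (from the post)

# "external internal" pairs. The first pair is from the post;
# the second is constructed for illustration.
MAPPINGS="10.129.41.242 192.168.20.183
10.129.41.243 192.168.20.184"

# Accept only dotted-quad IPv4 addresses with octets 0-255.
valid_ip() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the three rules one mapping needs; fail on a malformed address.
nat_rules() {
    ext=$1; int=$2
    valid_ip "$ext" && valid_ip "$int" || return 1
    # Inbound: rewrite the destination where the packet arrives (EXT_IF).
    echo "$IPTABLES -t nat -A PREROUTING -i $EXT_IF -d $ext -j DNAT --to-destination $int"
    # Outbound: rewrite the source as the packet leaves through EXT_IF.
    echo "$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -s $int -j SNAT --to-source $ext"
    # The filter table sees the real (post-DNAT) destination address.
    echo "$IPTABLES -A FORWARD -i $EXT_IF -o $INT_IF -d $int -m state --state NEW -j ACCEPT"
}

# Emit rules for every pair in MAPPINGS, stopping at the first bad entry.
all_rules() {
    while read -r ext_ip int_ip; do
        nat_rules "$ext_ip" "$int_ip" || return 1
    done <<EOF
$MAPPINGS
EOF
}

all_rules
```

The printed rules still rely on the ESTABLISHED,RELATED FORWARD rules from the script above for return traffic.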