On Tuesday 05 July 2005 09:50, Carlos Cruells wrote:
> iptables -t nat -A POSTROUTING -s 10.10.12.30 -o eth1 -j SNAT --to
> 62.93.44.116

If a packet has a source IP of 10.10.12.30 and is routed out the eth1
interface, rewrite the source IP to 62.93.44.116.

> When I do a simple ping test from LAN --> Internet, it fails, but if

Don't do it from anywhere on the LAN. Only do it from 10.10.12.30. It
won't work from any other IP. Perhaps you wanted to use a different
source specification, like "-s 10.10.12.0/24" or "-s 10.0.0.0/8"?

> I repeat the same test from firewall, it does ok.
>
> IP_LAN -------(ping)--------> IP www.cisco.com = Not OK
> Firewall -------(ping)--------> IP www.cisco.com = OK

DNS might also be a factor. Only the firewall machine and 10.10.12.30
would be able to get out to any external resolvers with that rule.
-- 
mail to this address is discarded unless "/dev/rob0" or "not-spam" is
in Subject: header
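
The matching behaviour described in the reply above, as an added example that is not part of the original message and is not netfilter code: a simplified Python model of one SNAT rule in POSTROUTING, comparing the quoted "-s 10.10.12.30" rule with the suggested "-s 10.10.12.0/24". The host 10.10.12.77 is constructed, and the firewall's own eth1 address being 62.93.44.116 is an assumption.

```python
# Simplified model of source matching for SNAT rules in nat POSTROUTING.
# Added example: not netfilter code and not from the original thread.
from ipaddress import ip_address, ip_network

# Assumption: the firewall's own eth1 address is the SNAT target address.
FIREWALL_WAN_IP = "62.93.44.116"


def snat_rule(source, out_iface, to_source):
    """Model of: -A POSTROUTING -s <source> -o <out_iface> -j SNAT --to <to_source>."""
    return {"src": ip_network(source), "out": out_iface, "to": to_source}


def postrouting(rules, src, out_iface):
    """Return the source address the packet carries after POSTROUTING."""
    for rule in rules:
        if ip_address(src) in rule["src"] and out_iface == rule["out"]:
            return rule["to"]   # first matching rule rewrites the source
    return src                  # no rule matched: source leaves unchanged


def replies_can_return(wire_src):
    """Internet hosts cannot route replies to a private (RFC 1918) source."""
    return not ip_address(wire_src).is_private


def ping_test(rules, hosts, out_iface="eth1"):
    """Map each host label to True if a reply to its ping could come back."""
    return {label: replies_can_return(postrouting(rules, src, out_iface))
            for label, src in hosts.items()}


# Constructed sample hosts; only 10.10.12.30 appears in the thread.
HOSTS = {
    "named host": "10.10.12.30",
    "other LAN host": "10.10.12.77",
    "firewall itself": FIREWALL_WAN_IP,  # locally generated, already public
}

ORIGINAL = [snat_rule("10.10.12.30", "eth1", "62.93.44.116")]    # rule as posted
WIDENED = [snat_rule("10.10.12.0/24", "eth1", "62.93.44.116")]   # suggested -s

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("widened", WIDENED)):
        print(name, ping_test(rules, HOSTS))
```

The same result applies to DNS queries from LAN hosts to external resolvers, since they pass through the same rule.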