Re: is it possible to nat to the routed IP?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/12/06, Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:


On Tue, December 12, 2006 07:34, Zhen Zhou wrote:
> Hi all,
> one example network looks like:

[ASCII image skipped)

> So is it possible to nat from 210.153.22.y to 192.168.2.208?
> If possible, how to do it

The gateway must have a route for 192.168.2.x set to 192.168.5.202.
The default gateway for the router must be 192.168.5.201.
The default gateway for 192.168.2.208 must be 192.168.3.254.

Packet arrives at 210.153.22.y.
Packet is DNAT-ed to 192.168.2.208.
Gateway sends packet to 192.168.5.202.
Router at 192.168.5.202 routes packet to 192.168.2.208.

Example, http:

$ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$ipt -A FORWARD -m state --state NEW -d 192.168.2.208 \
  -p tcp --dport 80 -j ACCEPT

$ipt -t nat -A PREROUTING -d 210.153.22.y -p tcp --dport 80 \
  -j DNAT --to 192.168.2.208


Grts,
Rob


Now another issue is pop up:

210.153.22.x is Internet gateway IP, 210.153.22.y is a public ip for
publish 192.168.3.208.
ofcs, from Internet traffic to 192.168.3.208, is go through 210.153.22.y.
But in the another hand all the traffic from 192.168.3.208 to outside,
it will go to 210.153.22.x, could it be a possible go via 210.153.22.y
under some protocols?
How to configure?

Any tips will be appreciated.

Zhou
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux