Re: NAT for multiple non-directly connected subnets

On Thu, 2007-11-08 at 21:53 +0000, Bradley Kite wrote:
> Hi all,
> 
> I've been using NAT for my home network (a single /24 RFC1918 address
> range) and it has been working well, however I've recently tried
> NATing a more complex environment as follows:
> 
>  Linux Machine:
> Internal Interface: 192.168.1.50/30 -> 192.168.1.49/30

What does the previous line mean? Better explanation please.

> External Interface: 81.179.30.111/24

I assume that this is eth0.

> Now, connected off the internal interface is a whole network
> consisting of several subnets all linked off each other - ie they are
> not directly connected to the linux machine.
> 
> The problem I have is that the NAT on the linux box is only actually
> nating traffic that comes directly from 192.168.1.49 - the first
> upstream router. Any traffic from, for example, 192.168.2.0/24 won't
> get natted to 81.179.30.111 as expected. I can see this with tcpdump
> - traffic from the directly connected router gets natted, other
> traffic is seen (so it's not a routing issue) it's just not being
> natted.

Perhaps do some logging (-j LOG) or check the counters on the various
chains.

# iptables -t nat -L -v -n

[...]

> Is there anything I am missing with this configuration? Is there some
> limitation with doing NAT that only allows directly connected subnets
> to be natted?

I am not an expert, but SNAT applies on the way out (as you know), so
the box shouldn't care what the ip ranges are. All traffic (local and
forwarded) should be "equal" in the POSTROUTING chain.

-- 
Matt Zagrabelny - mzagrabe@xxxxxxxxx - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85  C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
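The logging and counter check suggested above, as an added example that is not part of the original thread: shell helpers that read a saved `iptables -t nat -L -v -n -x` listing (`-x` keeps the counters exact so they parse as integers) and show which POSTROUTING rules have actually matched and how many packets left via the chain policy without hitting any rule. The listing embedded below is constructed for illustration, not output from the poster's box.

```shell
#!/bin/sh
# Added example (not from the thread): parse a saved
# `iptables -t nat -L -v -n -x` listing and report which rules are matching.

# Constructed sample listing (assumption: not a real capture).
SAMPLE_NAT_LISTING='Chain PREROUTING (policy ACCEPT 120 packets, 9000 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 35 packets, 2100 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     842      63150 SNAT       all  --  *      eth0    192.168.1.48/30      0.0.0.0/0            to:81.179.30.111
       0          0 SNAT       all  --  *      eth0    192.168.2.0/24       0.0.0.0/0            to:81.179.30.111
      12        720 LOG        all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "nat-miss: "'

# Print "chain<TAB>target<TAB>source" for each rule in CHAIN whose packet
# counter is zero: that rule has never matched, so the traffic it was written
# for is handled by an earlier rule or falls through to the chain policy.
unmatched_rules() {
    awk -v want="$1" '
        /^Chain / { cur = $2; next }
        cur == want && $1 ~ /^[0-9]+$/ && $1 == 0 { print cur "\t" $3 "\t" $8 }
    '
}

# Print the packet count from the policy line of CHAIN: packets that reached
# the end of the chain without a terminating rule. In POSTROUTING these left
# the box without being SNATed by any rule.
policy_packets() {
    awk -v want="$1" '/^Chain / && $2 == want { print $5 }'
}

# Exit 0 if at least one TARGET rule in CHAIN has a non-zero packet counter.
target_hit() {
    awk -v want="$1" -v tgt="$2" '
        /^Chain / { cur = $2; next }
        cur == want && $3 == tgt && $1 ~ /^[0-9]+$/ && $1 > 0 { hit = 1 }
        END { exit hit ? 0 : 1 }
    '
}

# Typical use on the live box (as root):
#   iptables -t nat -L -v -n -x | unmatched_rules POSTROUTING
#   iptables -t nat -L -v -n -x | policy_packets POSTROUTING
# Against the constructed sample:
printf '%s\n' "$SAMPLE_NAT_LISTING" | unmatched_rules POSTROUTING
printf '%s\n' "$SAMPLE_NAT_LISTING" | policy_packets POSTROUTING
```

A rule whose counter stays at zero while tcpdump shows the traffic arriving is simply not matching it; a rising policy count on POSTROUTING is the traffic leaving without being NATed.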
