Pablo,

Like that name! Looks like you want straight NAT for an RFC 1918 subnet. I suspect you would also like to firewall your private subnet to protect it from the less nice people in the world. So I would recommend grabbing one of the iptables scripts off the net. There are several; the one that I use is gShield. Out of the tar.gz you should be about ready to go. All the configuration files are well documented and the script has some very nice powerful features.

Get gShield here:

http://muse.linuxmafia.org/gshield.html
ftp://muse.linuxmafia.org/pub/gShield/v2/gShield-2.8.tgz

On your front end machine run these commands:

]$ wget ftp://muse.linuxmafia.org/pub/gShield/v2/gShield-2.8.tgz
]$ tar zxvf gShield-2.8.tgz
]$ sudo mv gShield-2.8 /etc/
]$ sudo ln -s /etc/gShield-2.8/ /etc/firewall

You will need to edit 2 files. The file /etc/firewall/conf/NATS should have your 192 subnet listed. The second file to check is the main configuration file /etc/firewall/gShield.conf. It is a large conf file but most of it is comments. You will find that all the common services are covered here. Services like http, ssh, ntp, smtp, ... you get the picture. If you plan on doing anything fancy take a closer look at both the /etc/firewall/conf and /etc/firewall/routables as both of these contain some really cool extra stuff.

Next you want to get iptables starting on boot if it is not currently doing so.

]$ chkconfig --list |grep ip
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ipop2: off
ipop3: off

Only if the service is off do you need to do the next step.

]$ sudo chkconfig --level 2345 iptables on
]$ chkconfig --list |grep ip
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ipop2: off
ipop3: off

The next step starts the service.

]$ service iptables start
]$ lsmod |grep ip
iptable_filter 2412 0 (autoclean) (unused)
ip_tables 14936 1 [iptable_filter]

Now that we have gShield configured and iptables running you need to set up gShield to start on boot.

The simple way is to just add the following 2 lines to your /etc/rc.d/rc.local file:

# start the firewall at boot
/etc/firewall/gShield.rc

Now run the script or reboot and you should be ready to rock.

Have fun.

-----Original Message-----
From: Ben Brown [mailto:xthor@xthorsworld.com]
Sent: Wed, December 11, 2002 4:47 PM
To: psyche-list@redhat.com
Subject: Re: (no subject)

Pablo:

I'm afraid I'm confused. What is it you want to do, have your Linux box do NAT for a pool of private IPs? Or do you want to assign more than one IP address to your NAT box? NAT only needs one WAN IP address, that's the beauty of using it. The only reason I can see that you'd want to assign multiple IPs to it is if you were using it as a firewall, and having it do port forwarding to a DMZ...

Could you clarify, please? Thanks.

On Wed, 11 Dec 2002, Pablo Allietti wrote:

> Ben Brown wrote:
>
> Ok but only take the server address, not a pool of 20 real ips, all
> clients get outside access with the server address.
> Ja, that is my problem, I need the client have this 20 ips.
>
> 200.40.197.67
> 68.......87
>
> is this possible???
>
> Thanks again
>
> > You can simply run
> >
> > /sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
> >
> > If you want something a little more robust, you can check out
> >
> > http://www.xthorsworld.com/rc.firewall
> >
> > On Wed, 11 Dec 2002, Pablo Allietti wrote:
> >
> > > How is the method to configure iptables to make a connection between my
> > > private network 192.168.1.1/24 to have internet access from my
> > > 200.40.197.66/28
> > >
> > > In summary, I need to make NAT with a pool of real addresses.
> > >
> > > Thanks and sorry for my English

--
--------
Ben Brown
xthor@xthorsworld.com
http://www.xthorsworld.com/

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
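
The MASQUERADE rule quoted in the thread, paired with a default-deny FORWARD chain and an optional SNAT address pool, as an added example that is not code from the thread, from gShield or from rc.firewall. The LAN interface name (eth1) and the pool in the usage comment are assumptions; the pool uses constructed documentation addresses.

```shell
#!/bin/sh
# Added example (not from the thread): print, for review, the commands for a
# NAT gateway. Nothing is applied here; as root, pipe the output to sh to apply.
# Usage: nat_rules WAN_IF LAN_IF LAN_CIDR [FIRST_IP-LAST_IP]
# e.g.   nat_rules eth0 eth1 192.168.1.0/24 203.0.113.10-203.0.113.29  (constructed pool)

valid_ipv4() {  # succeed only for a dotted quad whose four octets are all 0..255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}; count=$((count + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

nat_rules() {
    wan_if=$1; lan_if=$2; lan_cidr=$3; pool=${4:-}
    # Reject anything that could smuggle shell or option syntax into the output.
    for ifname in "$wan_if" "$lan_if"; do
        case "$ifname" in
            ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    case "$lan_cidr" in
        */*) prefix=${lan_cidr#*/} ;;
        *)   echo "LAN subnet needs a /prefix: $lan_cidr" >&2; return 1 ;;
    esac
    case "$prefix" in ''|*[!0-9]*|???*) echo "bad prefix: $prefix" >&2; return 1 ;; esac
    [ "$prefix" -le 32 ] && valid_ipv4 "${lan_cidr%%/*}" ||
        { echo "bad LAN subnet: $lan_cidr" >&2; return 1; }
    if [ -n "$pool" ]; then   # pool of public addresses: SNAT across the range
        valid_ipv4 "${pool%-*}" && valid_ipv4 "${pool#*-}" ||
            { echo "bad pool: $pool" >&2; return 1; }
        target="SNAT --to-source $pool"
    else                      # single WAN address: the rule from the thread
        target="MASQUERADE"
    fi
    # FORWARD defaults to DROP: only LAN-initiated flows and their replies pass.
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o $wan_if -s $lan_cidr -j $target
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_cidr -j ACCEPT
EOF
}
```

With a pool, the public addresses must also be reachable at the gateway (for example, configured as additional addresses on the WAN interface), otherwise replies to translated connections never arrive.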