Re: Newest Iptables Again! :(

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wednesday 29 January 2003 09:38, Pablo Allietti wrote:
> I send this question again if is possible to anyone help me. or if is
> possble.
>
> > Hi, Me AGAIN and my iptables problem.! :(
> >
> > again description my net and my problem.
> >
> > Have a 200.40.226.64 /28 net *public NET
> > have a 192.168.1.0 /24 net *private NET
> >
> > have a 200.40.226.66 server running iptables * Is the gateway
> >
> > have a VoIp box THIS is the PROBLEM.
> > i need to put behind the firewall and have the address 192.168.1.33 but
> > i need to outside with 200.40.226.69 and received external requirements
> > with this ip but iptables not function for me. i Put this lines but dont
> > work i need Route? or something else???
> >
> > iptables -t nat -A POSTROUTING -s 192.168.1.33/255.255.255.255 -o eth0
> > -j SNAT --to 200.40.226.70
> >
> > iptables -t nat -A PREROUTING  -s 200.40.226.70/255.255.255.255 -i eth0
> > -j DNAT --to 192.168.1.33
> >

I've only set up NAT once, so I'm not sure if I can help you, but here goes:

Have you set up forwarding? On my setup I had to make sure that traffic from 
the computer behind the firewall was forwarded. I would try something like 
this on your setup:

# Forwarding ALL traffic from your internal lan on the ethernet device 
# $LAN_IFACE: Or you could do something similar to the line accepting traffic 
# from 200.40.226.70.
$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT    

$IPTABLES -A FORWARD -s 200.40.226.70 -d 192.168.1.33 -j ACCEPT

# Accepting forwarded traffic started by 
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Then

iptables -t nat -A POSTROUTING -s 192.168.1.33 -o eth0 -j SNAT --to-source \ 	      	
200.40.226.70	
iptables -t nat -A PREROUTING -i eth0 -d 200.40.226.70 -j DNAT \  
--to-destination  192.168.1.33
 
# You could probably be a bit more restrictive than the above lines.

-- 
Øystein Olsen, oystein.olsen@astro.uio.no, http://folk.uio.no/oeysteio
Institute of Theoretical Astrophysics, http://www.astro.uio.no
University of Oslo, Norway



-- 
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
[Index of Archives]     [Fedora General Discussion]     [Red Hat General Discussion]     [Centos]     [Kernel]     [Red Hat Install]     [Red Hat Watch]     [Red Hat Development]     [Red Hat 9]     [Gimp]     [Yosemite News]

  Powered by Linux