Firewall Wizards mailing list archives

Re: NAT with multiple addresses.


From: rob.roberson () verizon com
Date: Tue, 18 Sep 2001 11:45:11 -0400


I am under the impression that the SNAT target mentioned below also accepts
a RANGE of IP addresses, but can't get to a man page right now to find out.
Check the man page for iptables, look for SNAT.


~Rob Roberson
SPECNSC Systems Analyst
Verizon Data Services


                                                                                                                        
                              
"Dhiran Rajbhandari" <dhiren () atcnet com.np>
Sent by: firewall-wizards-admin () nfr com
09/17/2001 11:09 PM

To:      "Marcelo Coronel" <marchu.geo () yahoo com>
cc:      firewall-wizards () nfr com
Subject: Re: [fw-wiz] NAT with multiple addresses.




Use iptables (kernel must be 2.4.x or above) to use all public addresses
for private addresses. You have to SNAT (source NAT) in the nat table
individually to internal addresses so that those internal addresses will
be converted to the defined public addresses. Please check the following
example.

iptables -t nat -A POSTROUTING -s 192.168.x.x -o eth1 -j SNAT --to-source 1.2.3.4

For more information, visit www.netfilter.org

Rgds,
Dhiren

On Sat, 15 Sep 2001, Marcelo Coronel wrote:

I am trying to install a firewall in an extremely
weird network connection to the Internet, and I was
wondering if there was someone willing to help me out.



Proxy Server ------------ Router --- Internet
Workstations |


As it seems, some time ago, people just came and
plugged the router to the hubs in order to avoid
performing configuration tasks in a Linux box. All the
workstations and the proxy server (which is serving
only as an HTTP proxy server) are coming out on public
addresses.

I am planning to do things this way:

Workstations---- Proxy Server --- Router

which seems a sound way to do it, as the router
belongs to a third party and I don't have access to
it. The problem is we're talking about a Cyberbar, and
as we all know, the usual activities at cyberbars are IRC
chatting, web surfing and FTP downloading (I say
downloading because people browsing an FTP is not
something you see a lot of here, and when they
download they just follow a hyperlink on a webpage,
which you can do in active mode even blocking syns at
the gateway). For all I know, changing all public
addresses to private is a good thing, but having
twenty five connections from the same IP is something
an IRC server administrator will not want.

Coming down to the real question... Is there a way to
do NAT or Masquerading at the Linux box that will let
me use all the public IP addresses I have available?

Thanks a lot for your help,

Marcelo.












_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


--
------------------------------------------------------------------
Dhiran Rajbhandari
Senior Executive
ATC Communications Network
7/28 Adarsh Nagar, Birgunj(Nepal)
Ph No.: 051-24075 (Hunting)
Email : dhiren () atcnet com np,
     dhiren () cybermail com np
"All man die, but matter how you die."
"Never trust a software package you don't have sources for." - BSD
Community.
------------------------------------------------------------------
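
Added example, not part of the original messages: a shell script that prints (does not apply) the per-host SNAT rules Dhiren describes and the single range rule Rob mentions. The function names, the eth1 interface and all addresses (192.168.1.x inside, 192.0.2.x outside) are constructed placeholders.

```shell
#!/bin/sh
# Print iptables commands for review instead of running them.
# All addresses below are constructed sample values.

# gen_snat_rules OUT_IF "internal hosts" "public addresses"
# Pairs each internal host with its own public address, in order.
# Emits nothing and returns 1 if the hosts outnumber the public pool,
# so that no host is silently left without a mapping.
gen_snat_rules() {
    out_if=$1; hosts=$2; pool=$3
    set -- $hosts; nhosts=$#
    set -- $pool                  # positional parameters now hold the pool
    if [ "$nhosts" -gt $# ]; then
        echo "error: $nhosts hosts but only $# public addresses" >&2
        return 1
    fi
    for host in $hosts; do
        echo "iptables -t nat -A POSTROUTING -s $host -o $out_if -j SNAT --to-source $1"
        shift
    done
}

# gen_snat_range OUT_IF INTERNAL_NET FIRST_PUBLIC LAST_PUBLIC
# One rule for the whole internal network; --to-source takes first-last
# and netfilter picks the address from that range.
gen_snat_range() {
    echo "iptables -t nat -A POSTROUTING -s $2 -o $1 -j SNAT --to-source $3-$4"
}

# Constructed sample data: three workstations, three public addresses.
HOSTS="192.168.1.10 192.168.1.11 192.168.1.12"
POOL="192.0.2.10 192.0.2.11 192.0.2.12"

echo "# one public address per workstation"
gen_snat_rules eth1 "$HOSTS" "$POOL"
echo "# alternative: one rule, pool given as a range"
gen_snat_range eth1 192.168.1.0/24 192.0.2.10 192.0.2.12
```

Review the printed rules, then load them on the gateway; `iptables -t nat -L POSTROUTING -n -v` shows the resulting chain with per-rule packet counters.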




