Firewall Wizards mailing list archives
Re: NAT with multiple addresses.
From: rob.roberson () verizon com
Date: Tue, 18 Sep 2001 11:45:11 -0400
I am under the impression that the SNAT target mentioned below also accepts a RANGE of IP addresses, but can't get to a man page right now to find out. Check the man page for iptables, look for SNAT. ~Rob Roberson SPECNSC Systems Analyst Verizon Data Services "Dhiran Rajbhandari" <dhiren () atcnet com.n To: "Marcelo Coronel" <marchu.geo () yahoo com> p> cc: firewall-wizards () nfr com Sent by: Subject: Re: [fw-wiz] NAT with multiple addresses. firewall-wizards-adm in () nfr com 09/17/2001 11:09 PM Use iptables (kernel must be 2.4.x or above )to use all public addresses for private addresses../ you have to SNAT (source nat) in nat table individually to internal addresses so that those internal addresses will be converted to the defined public addresses../Please check the following example.. iptables -A POSTROUTING -s 192.168.x.x -o eth1 -j SNAT --to-source 1.2.3.4 for more information visit www.netfilter.org Rgds, Dhiren On Sat, 15 Sep 2001, Marcelo Coronel wrote:
I am trying to install a firewall in an extremely weird network connection to the Internet, and I was wondering if there was someone willing to help me out. Proxy Server ------------ Router --- Internet Workstations | As it seems, some time ago, people just came and plugged the router to the hubs in order to avoid performing configuration tasks in a Linux box. All the workstations and the proxy server (which is serving only as an HTTP proxy server) are coming out on public addresses. I am planning to things this way: Workstations---- Proxy Server --- Router which semms a sound way to do it, as the router belongs to a third party and I don't have access to it. The problem is we're talking about a Cyberbar, and as we all know, usual activity on cyberbars are IRC chatting, web surfing and FTP downloading (I say downloading because people browsing an FTP is not something you see a lot of here, and when they download they just follow a hyperlink on a webpage, which you can do in active mode even blocking syns at the gateway). For all I know, changing all public addresses to private is a good thing, but having twenty five connections from the same IP is something an IRC server administrator will not want. Coming down to the real question... Is there a way to do NAT or Masquerading at the Linux box that will let me use all the public IP addresses I have available. Thanks a lot for your help, Marcelo. __________________________________________________ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
-- ------------------------------------------------------------------ Dhiran Rajbhandari Senior Executive ATC Communications Network 7/28 Adarsh Nagar, Birgunj(Nepal) Ph No.: 051-24075 (Hunting) Email : dhiren () atcnet com np, dhiren () cybermail com np "All man die, but matter how you die." "Never trust a software package you don't have sources for." - BSD Community. ------------------------------------------------------------------ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- NAT with multiple addresses. Marcelo Coronel (Sep 17)
- Re: [fw-wiz] NAT with multiple addresses. Skip Frizzell (Sep 17)
- Re: NAT with multiple addresses. Dhiran Rajbhandari (Sep 18)
- Re: NAT with multiple addresses. Wes Chalfant (Sep 18)
- <Possible follow-ups>
- Re: NAT with multiple addresses. rob . roberson (Sep 18)