Linux NAT

Linux NAT

Post by lincy.. » Fri, 19 Nov 1999 04:00:00



Hi everyone :

    First, Please forgive my poor English.
    I am need some help with NAT in linux. I am using OpenLinux 2.3
    Kernal was 2.2.10

    We have some real internet ip from ISP1. for example :
    1.2.3.4 - 1.2.3.10 (Sorry, I am using fake ip here)
    So we using ip alias at eth1
    1.2.3.4 => eth1
    1.2.3.5 => eth1:5
    1.2.3.6 => eth1:6
    ............
    1.2.3.10 => eth1:10

    we have another network card et0. and assign 192.168.1.1
    our local lan using 192.168.1.0/255.255.255.0

    We have another network card eth2 for another "ISP2"
    we also have real ip too: for example :
    4.3.2.1 - 4.3.2.10 (fake ip here again)
    so we using ip alias at eth2
    4.3.2.1 => eth2
    4.3.2.2 => eth2:2
    4.3.2.3 => eth2:3
    ........

    I have setup the route and masq. We can work fine from internal
192.168.1.0 network to access outside world of internet.

    Now I have problem to setup our www/mail/ftp server behide firewall
machine. for example . we setup an www server at 192.168.1.80

    How do I setup ipchains/ipmasqadm to allow outside world form
1.2.3.4 port 80 to 192.168.1.80 port 80 ?

    Does any know how to maping (NAT) real IP/Port into internal
IP/Port ?

    Any help will thanks.

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

Linux NAT

Post by Yann PERRI » Fri, 19 Nov 1999 04:00:00



> Hi everyone :

Hi,

I think this could do what you want.This example work for ssh
connections
(port 22)
man ipmasqadm for more informations.

#ipchains -I forward -p tcp -d clientA/32 -s hostB/32 22 -j MASQ
#ipchains -I input -p tcp -y -s clientA/32 -d 0/0 22 -m 2
#ipmasqadm mfw -I -m 2 -r hostB 22

for ftp use 21, mail 25 for smtp 110 for pop, www is 80...
but you must use this rule on your "real" interface.
I mean this won't work with aliases. (eth0:0,etc)

for you example this should work:

#ipchains -I forward -p tcp -d 1.2.3.4/32 -s 192.168.1.80/32 80 -j MASQ
#ipchains -I input -p tcp -y -s 1.2.3.4/32 -d 0/0 80 -m 2
#ipmasqadm mfw -I -m 2 -r 192.168.1.80 80

Quote:

>     First, Please forgive my poor English.
>     I am need some help with NAT in linux. I am using OpenLinux 2.3
>     Kernal was 2.2.10

>     We have some real internet ip from ISP1. for example :
>     1.2.3.4 - 1.2.3.10 (Sorry, I am using fake ip here)
>     So we using ip alias at eth1
>     1.2.3.4 => eth1
>     1.2.3.5 => eth1:5
>     1.2.3.6 => eth1:6
>     ............
>     1.2.3.10 => eth1:10

>     we have another network card et0. and assign 192.168.1.1
>     our local lan using 192.168.1.0/255.255.255.0

>     We have another network card eth2 for another "ISP2"
>     we also have real ip too: for example :
>     4.3.2.1 - 4.3.2.10 (fake ip here again)
>     so we using ip alias at eth2
>     4.3.2.1 => eth2
>     4.3.2.2 => eth2:2
>     4.3.2.3 => eth2:3
>     ........

>     I have setup the route and masq. We can work fine from internal
> 192.168.1.0 network to access outside world of internet.

>     Now I have problem to setup our www/mail/ftp server behide firewall
> machine. for example . we setup an www server at 192.168.1.80

>     How do I setup ipchains/ipmasqadm to allow outside world form
> 1.2.3.4 port 80 to 192.168.1.80 port 80 ?

>     Does any know how to maping (NAT) real IP/Port into internal
> IP/Port ?

>     Any help will thanks.

> Sent via Deja.com http://www.deja.com/
> Before you buy.


 
 
 

Linux NAT

Post by lincy.. » Sat, 20 Nov 1999 04:00:00





> > Hi everyone :
> Hi,

> I think this could do what you want.This example work for ssh
> connections
> (port 22)
> man ipmasqadm for more informations.

> #ipchains -I forward -p tcp -d clientA/32 -s hostB/32 22 -j MASQ
> #ipchains -I input -p tcp -y -s clientA/32 -d 0/0 22 -m 2
> #ipmasqadm mfw -I -m 2 -r hostB 22

> for ftp use 21, mail 25 for smtp 110 for pop, www is 80...
> but you must use this rule on your "real" interface.
> I mean this won't work with aliases. (eth0:0,etc)

> for you example this should work:

> #ipchains -I forward -p tcp -d 1.2.3.4/32 -s 192.168.1.80/32 80 -j
MASQ
> #ipchains -I input -p tcp -y -s 1.2.3.4/32 -d 0/0 80 -m 2
> #ipmasqadm mfw -I -m 2 -r 192.168.1.80 80

   Thanks your help. I have try this already. But it's don't work  :(
   I have using tcpdump '(port 80)' to monitor. That package never
touch 192.168.1.80 side. only source-ip with 1.2.3.4.
   Any idea ?

- Show quoted text -

Quote:

> >     First, Please forgive my poor English.
> >     I am need some help with NAT in linux. I am using OpenLinux 2.3
> >     Kernal was 2.2.10

> >     We have some real internet ip from ISP1. for example :
> >     1.2.3.4 - 1.2.3.10 (Sorry, I am using fake ip here)
> >     So we using ip alias at eth1
> >     1.2.3.4 => eth1
> >     1.2.3.5 => eth1:5
> >     1.2.3.6 => eth1:6
> >     ............
> >     1.2.3.10 => eth1:10

> >     we have another network card et0. and assign 192.168.1.1
> >     our local lan using 192.168.1.0/255.255.255.0

> >     We have another network card eth2 for another "ISP2"
> >     we also have real ip too: for example :
> >     4.3.2.1 - 4.3.2.10 (fake ip here again)
> >     so we using ip alias at eth2
> >     4.3.2.1 => eth2
> >     4.3.2.2 => eth2:2
> >     4.3.2.3 => eth2:3
> >     ........

> >     I have setup the route and masq. We can work fine from internal
> > 192.168.1.0 network to access outside world of internet.

> >     Now I have problem to setup our www/mail/ftp server behide
firewall
> > machine. for example . we setup an www server at 192.168.1.80

> >     How do I setup ipchains/ipmasqadm to allow outside world form
> > 1.2.3.4 port 80 to 192.168.1.80 port 80 ?

> >     Does any know how to maping (NAT) real IP/Port into internal
> > IP/Port ?

> >     Any help will thanks.

> > Sent via Deja.com http://www.deja.com/
> > Before you buy.

Sent via Deja.com http://www.deja.com/
Before you buy.
 
 
 

Linux NAT

Post by Rodrigo Alve » Thu, 25 Nov 1999 04:00:00


  Hello!

  Anybody knows how can I do static NAT in linux using ipchains?

  Rodrigo

--
Posted via CNET Help.com
http://www.help.com/

 
 
 

Linux NAT

Post by Yann PERRI » Fri, 26 Nov 1999 04:00:00



>   Hello!

>   Anybody knows how can I do static NAT in linux using ipchains?

it's probably impossible...If you find a way to do it please mail me...
try to use something else than ipchains.

yann

 
 
 

Linux NAT

Post by Sid » Fri, 26 Nov 1999 04:00:00




> >   Hello!

> >   Anybody knows how can I do static NAT in linux using ipchains?

> it's probably impossible...If you find a way to do it please mail me...
> try to use something else than ipchains.

try iproute2 or ipfilters on 2.0.36.
 
 
 

Linux NAT

Post by root » Sat, 27 Nov 1999 04:00:00



>   Hello!

>   Anybody knows how can I do static NAT in linux using ipchains?

>   Rodrigo

> --
> Posted via CNET Help.com
> http://www.help.com/

  http://www.csn.tu-chemnitz.de/~mha/linux-ip-nat/

and download this file " nat-static-2.2.4-2.tar.gz " dated 09-Apr-99.

Try this site for very useful information...

  http://www.suse.de/~mha/HyperNews/get/linux-ip-nat.html

Hope this helps you.

Donna

 
 
 

Linux NAT

Post by Raymond Doetje » Wed, 01 Dec 1999 04:00:00


I used the natd wich comes with FreeBSD wich works pretty good!

Raymond



Quote:

>   Hello!

>   Anybody knows how can I do static NAT in linux using ipchains?

>   Rodrigo

> --
> Posted via CNET Help.com
> http://www.help.com/

 
 
 

1. Linux NAT kernel 2.4

Hi all,

I have problem to set NAT on my linux box. My linux is a Redhat 7.1 (i
know quit bad version, but i cann't change it) with kernel 2.4. I have
two interfaces, then its work fine, routing also.

But behind I have a server and I cann't change IP address (license
problme). Then th idea is to NAT this address with a my linux box.

                     |
                     |  a.b.c.0/23
                     |
                     |.11
                   linux
                     box
                     |.1
                     |
                     |
                     |
                     |
                   my server
                   d.e.f.30/24

my server should be see from a.b.c.0 with the ip address a.b.c.62.

My idea is to use netfilter to do that. But i have a problem. I try to
do that :

iptables -t nat -A POSTROUTING -s 138.187.25.30 -o eth0 -j SNAT --to
160.98.31.62
iptables -t nat -A PREROUTING -d 160.98.31.62 -i eth0 -j DNAT --to
138.187.25.30

but without success. also the linux should have both ip address a.b.c.11
and also a.b.c.62. How to do that ?

Somebody can help or send me sample config

thanks all

2. two ADSL line ?

3. help - Linux NAT

4. ATI XPERT 98D 3D AGP

5. PPTP server behind a linux NAT machine

6. lpd for Solaris 2.x?

7. Routing NetBEUI/NetBIOS and AppleTalk through Linux NAT/firewall

8. Anyone used Turbolinux?

9. Linux NAT & Netmeeting

10. Linux NAT again

11. Have more than 1 VPN passthrough in Linux NAT box?

12. Linux NAT howto???

13. Problem with VPN: Win98 -> Linux/NAT -> Windows2000