
Thread: How to set up SNAT with iptables

  1. #1
    Join Date
    Jun 2009
    Posts
    1,205

    How to set up SNAT with iptables

    Is it possible, and if so how, to set up SNAT with iptables but not for some destination machine or network?

    I do in fact have 2 routers behind my router with iptables (1 for the Internet (I did not hand over the other for a private network))

  2. #2
    Join Date
    May 2008
    Posts
    945

    Re: How to set up SNAT with iptables

    I do not understand anything!

    If you just take a minute to read it back, you will see ... it's incomprehensible!

    So if you want help, take the time to describe the layout, organization, addressing, ... This is not an exercise in presentation; this may be an opportunity to find the reasons for your schema.

    It is quite common to have 3 routers in one's network. There must be reasons.

    The rest is easy if the logic is clear.

  3. #3
    Join Date
    Jun 2009
    Posts
    1,205

    Re: How to set up SNAT with iptables

    It is indeed incomprehensible! Let me explain: consider the diagram in the attachment.

    We make the following assumptions:
    R1 is a router on which I cannot act (I cannot change the routing table and let it all go to the Internet)
    R2 and R3 have Internet access
    R2 and R3 each have 3 legs, one of which is connected to router R1; on the other two legs there are 2 networks, symbolized in the diagram by PCs
    The routing tables of R2 and R3 allow communication between all the PCs; these communications are not SNATed

    If I want the PCs to be able to access the Internet, R2 and R3 must do SNAT.

    My question is: is it possible to configure iptables so that SNAT is done only for PC -> Internet communications, while PC <-> PC communications happen without address translation?

    Hoping that it may be a little clearer!

  4. #4
    Join Date
    May 2008
    Posts
    945

    Re: How to set up SNAT with iptables

    The above diagram illustrates "why be simple when you can make it complicated."

    I will write what I understand: each of the 4 networks should be reachable directly (ping from one to another).

    1st idea: 1 router with 4 interfaces: too easy.

    2nd idea: Only routers, i.e. routers without any address translation, but with (cross) routes. In any case router R1 will do the (necessary) translation for the Internet.

    In the latter case, a simple "ip_forward = 1" plus routes (ip route add xxxx/yy via R3 dev ethX) and it works. In addition there is no SNAT to be hidden.

  5. #5
    Join Date
    Apr 2008
    Posts
    3,341

    Re: How to set up SNAT with iptables

    Originally posted by Amie:
    R1 is a router on which I cannot act (I cannot change the routing table and let it all go to the Internet)
    It must be hidden. It must learn the routes to the 4 other internal networks.
    But since he cannot do anything, you insert a fourth, judiciously placed router.

    Between the unmanaged one and the other two.

    And you gain a 'small' DMZ as a bonus if your new router is a bit of a firewall.

  6. #6
    Join Date
    May 2008
    Posts
    945

    Re: How to set up SNAT with iptables

    Thank you Snake08, I forgot the important routes that router R1 absolutely must know.

    Thus

    Ground 1: 1 router / firewall with 4 interfaces:
    => It hides the traffic toward router R1 (which sees only its address) and routes between each interface

    Ground 1: 1 router with 4 interfaces:
    => Router R1 must know the 4 networks (via the intermediate router), and the router routes between the 4 interfaces.

    Ground 2: 1 intermediate router / firewall (with DMZ if necessary):
    => It hides the traffic toward router R1 (which sees only its address)
    => And it must know the 4 networks (via each router)
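
The rule ordering that the question in post #3 asks about, as an added example that is not part of any post in the thread: destinations on the internal networks are exempted first, so PC <-> PC traffic keeps its source address even when it leaves through the same leg as Internet traffic, and only what remains is SNATed. The interface name, the addresses, the four network ranges and the function names are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the NAT rules for
# a router in the position of R2 or R3. All names and addresses are constructed.

is_ipv4() {  # dotted quad with every octet in 0-255
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

is_cidr() {  # a.b.c.d/len with len in 0-32
    case $1 in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    len=${1#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ]
}

# usage: snat_rules UPLINK_IF UPLINK_IP INTERNAL_CIDR...
snat_rules() {
    [ $# -ge 3 ] || { echo "need uplink interface, uplink IP, networks" >&2; return 2; }
    wan_if=$1; wan_ip=$2; shift 2
    # Validate everything first: the output is meant to be reviewed and run as root.
    case $wan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;; esac
    is_ipv4 "$wan_ip" || { echo "bad address: $wan_ip" >&2; return 1; }
    for net in "$@"; do
        is_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    done
    # POSTROUTING is walked top to bottom and the first terminating match wins,
    # so the exemptions for internal destinations must come before the SNAT rule.
    for net in "$@"; do
        echo "iptables -t nat -A POSTROUTING -d $net -j RETURN"
    done
    # Anything still unmatched that leaves via the uplink gets the router's address.
    echo "iptables -t nat -A POSTROUTING -o $wan_if -j SNAT --to-source $wan_ip"
}

# Constructed sample: uplink eth0 (10.0.0.2) toward R1, four internal PC networks.
snat_rules eth0 10.0.0.2 192.168.1.0/24 192.168.2.0/24 \
    192.168.3.0/24 192.168.4.0/24
```

Review the printed commands before running them as root on the router, using that router's own uplink interface and address.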
