Tuesday, July 10, 2007

1:1 NAT on your Linux/Netfilter Firewall

So you want to map a public IP to a private IP behind your Linux (netfilter-based) firewall. Here is the syntax:


## Standard Stuff ##
echo 1 > /proc/sys/net/ipv4/ip_forward

## The 1:1 NAT stuff ##
# Inbound (and hairpin) connections to the public IP are sent to the internal host.
iptables -t nat -A PREROUTING -d $EXTERNAL_IP \
-j DNAT --to-destination $INTERNAL_IP
# Outbound connections from that host leave with its own public IP.
# This must be added before the catch-all SNAT below: the nat table stops at
# the first matching rule, so appended after it this rule would never be hit.
iptables -t nat -A POSTROUTING -s $INTERNAL_IP \
-j SNAT --to-source $EXTERNAL_IP
# Hairpin: internal hosts talking to $EXTERNAL_IP get their replies back via the firewall.
iptables -t nat -A POSTROUTING -s $INTERNAL_NET -d $INTERNAL_IP \
-j SNAT --to-source $NAT_IP

## Catch-all SNAT for everything else leaving eth0, the external interface ##
iptables --table nat -A POSTROUTING -o eth0 -j SNAT --to-source $NAT_IP


Where $NAT_IP is the external IP of your firewall (the address on eth0, its external interface), $EXTERNAL_IP is the additional public IP being mapped, and $INTERNAL_IP is the host behind the firewall that receives it. The rule matching -s $INTERNAL_NET -d $INTERNAL_IP is required if you want hosts on your internal net to be able to talk to that external IP as well.
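The same rule set, as an added example that is not part of the original post: rather than running iptables one rule at a time, it emits the whole nat table in iptables-restore format, which makes the rule order reviewable and lets you check the file with iptables-restore --test before loading it. It assumes eth0 is the Internet-facing interface (as in the post), uses constructed placeholder addresses from the RFC 5737 and RFC 1918 ranges, and goes slightly beyond the post by restricting the server's 1:1 SNAT rule to the WAN interface with -o and by refusing malformed addresses.

```shell
#!/bin/sh
# Added example, not part of the original post.  Emits a complete nat table
# for 1:1 NAT in iptables-restore format instead of running iptables directly,
# so the ordering can be reviewed (and tested) before it touches a firewall.
# Assumptions: eth0 is the Internet-facing interface, as in the post; every
# address below is a constructed placeholder (RFC 5737 / RFC 1918 ranges).

WAN_IF="eth0"
NAT_IP="203.0.113.1"        # the firewall's own public address
EXTERNAL_IP="203.0.113.10"  # extra public address mapped 1:1 to the server
INTERNAL_IP="192.168.1.10"  # the server behind the firewall
INTERNAL_NET="192.168.1.0/24"

# Accept only a dotted quad with an optional /prefix, so that an empty or
# mistyped variable cannot expand into a rule that matches far more than intended.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# gen_nat_rules EXTERNAL_IP INTERNAL_IP INTERNAL_NET NAT_IP WAN_IF
# The nat table is consulted only for the first packet of a connection and
# stops at the first matching rule, so the specific 1:1 rules must be listed
# before the catch-all SNAT; appended after it they would never be reached.
gen_nat_rules() {
    ext="$1"; int="$2"; net="$3"; natip="$4"; wan="$5"
    for a in "$ext" "$int" "$net" "$natip"; do
        is_ipv4 "$a" || { echo "gen_nat_rules: bad address '$a'" >&2; return 1; }
    done
    case "$wan" in
        ''|*[!A-Za-z0-9._-]*) echo "gen_nat_rules: bad interface '$wan'" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# inbound (and hairpin) connections to the public address go to the server
-A PREROUTING -d $ext -j DNAT --to-destination $int
# hairpin: internal clients reaching the public address are rewritten to the
# firewall's address so the server's replies come back through the firewall
-A POSTROUTING -s $net -d $int -j SNAT --to-source $natip
# the server's own outbound connections keep its dedicated public address
# (-o limits this to the WAN side, which the post's rule does not do)
-A POSTROUTING -s $int -o $wan -j SNAT --to-source $ext
# everything else leaving the WAN side shares the firewall's address
-A POSTROUTING -o $wan -j SNAT --to-source $natip
COMMIT
EOF
}

# Usage (as root):  sh gen-1to1-nat.sh > /tmp/nat.rules
#                   iptables-restore --test /tmp/nat.rules && iptables-restore /tmp/nat.rules
# ip_forward still has to be enabled separately, exactly as in the post.
gen_nat_rules "$EXTERNAL_IP" "$INTERNAL_IP" "$INTERNAL_NET" "$NAT_IP" "$WAN_IF"
```

The generated file only contains the nat table, so loading it with iptables-restore leaves your filter table untouched; the forwarding rules that decide what is actually allowed through to the server still belong there.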

Comments:
Is eth0 here the internal network or the external network?

Hi,
I tried the same thing but I am unable to access the internet; SNAT is not working. I don't know what is going wrong.
