
List:       netfilter
Subject:    2 nat'd routes; is this correct?
From:       "Matt" <matt () warezstein ! com>
Date:       2000-07-27 16:44:48

If somebody could clarify that this is correct.. i would very much
appreciate it.  I have a nat box with 3 nics.
- my internal network is 172.16.40.0
- external network i need to reach is 172.20.176.0.  they are reaching some
of my inside services through nat
- external network #2 is 192.168.163.0.  they are also reaching some of my
inside services through nat

Obviously, when i go out to the 172.20.176.0 network, i want it to seem as
originating from 172.20.176.2 (nic on the linux box), and the same for
network#2; when i go out to 192.168.163.0, i want to seem like it's coming
from 192.168.163.2.

Is the following all i need? is this very unsecure or?

my nic config in the linux machine
- 172.16.40.11 eth0
- 172.20.176.3 eth1
- 192.168.163.2 eth2

# rc.nat script
# alias addresses on the external nics (the destinations matched by the DNAT rules below)
ifconfig eth1:2 172.20.176.2 netmask 255.255.255.0
ifconfig eth1:4 172.20.176.4 netmask 255.255.255.0
ifconfig eth2:3 192.168.163.3 netmask 255.255.255.0

# outbound: masquerade everything leaving eth1 and eth2
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
# inbound: map each alias address to one inside host (tcp only)
iptables -A PREROUTING -t nat -p tcp -d 172.20.176.2 -j DNAT --to 172.16.40.2
iptables -A PREROUTING -t nat -p tcp -d 172.20.176.4 -j DNAT --to 172.16.40.4
iptables -A PREROUTING -t nat -p tcp -d 192.168.163.3 -j DNAT --to 172.16.40.3

thanks a bunch
matt
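
Added example, not part of Matt's message: a small Python check that reads the NAT rules from the post and lists what a reviewer would look at (DNAT with no port match, DNAT with no inbound interface, MASQUERADE taking its source from the outgoing interface, no filtering on the FORWARD chain). The function names and finding codes are made up for this example, and it assumes the short option forms used in the post.

```python
import shlex

# Constructed input: the NAT rules from the post, one command per line.
RULES = """\
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
iptables -A PREROUTING -t nat -p tcp -d 172.20.176.2 -j DNAT --to 172.16.40.2
iptables -A PREROUTING -t nat -p tcp -d 172.20.176.4 -j DNAT --to 172.16.40.4
iptables -A PREROUTING -t nat -p tcp -d 192.168.163.3 -j DNAT --to 172.16.40.3
"""

PORT_OPTS = ("--dport", "--destination-port", "--dports")

def parse_rule(line):
    """Map each option of one iptables command to its value (True for bare flags)."""
    tokens = shlex.split(line)[1:]          # drop the leading "iptables"
    rule, i = {}, 0
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        rule[tokens[i]] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return rule

def audit(text):
    """Return (line_number, code) findings; line 0 means the ruleset as a whole."""
    findings, has_forward_filter = [], False
    for n, line in enumerate(text.splitlines(), 1):
        if not line.startswith("iptables "):
            continue
        r = parse_rule(line)
        table, chain, target = r.get("-t", "filter"), r.get("-A"), r.get("-j")
        if table == "filter" and chain == "FORWARD":
            has_forward_filter = True
        if table != "nat":
            continue
        if target == "DNAT":
            if not any(opt in r for opt in PORT_OPTS):
                findings.append((n, "DNAT_ALL_PORTS"))      # every TCP port is forwarded
            if "-i" not in r and "--in-interface" not in r:
                findings.append((n, "DNAT_ANY_INTERFACE"))  # matches on any inbound NIC
        elif target == "MASQUERADE":
            # Source comes from the outgoing interface; SNAT --to-source names one address.
            findings.append((n, "MASQ_INTERFACE_ADDR"))
    if not has_forward_filter:
        # NAT only rewrites addresses; the filter table's FORWARD chain decides what passes.
        findings.append((0, "NO_FORWARD_FILTER"))
    return findings

if __name__ == "__main__":
    for line_no, code in audit(RULES):
        print(line_no, code)
```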
