This is a discussion on static NAT with iptables within the Linux Networking forums, part of the Linux Forums category.
Using iptables like this:

iptables -t nat -A POSTROUTING -j SNAT -s 10.0.0.0/24 --to-source 172.16.1.0-172.16.1.255 -o ppp0

This works, but not the way I want. The NATing occurs using "random" IP addresses in the given range.

What I want is:

10.0.0.1 -> 172.16.1.1
10.0.0.2 -> 172.16.1.2
etc.

This is for a VPN and if I can get iptables to do this, then FTP will work in passive mode across the link.

This is a basic static NAT setup, but it seems iptables wants to be too clever. Any idea how to do what I want?

tia,
RR
"RR" <newspaper.20.broom@spamgourmet.com> wrote in message
news:BcaYb.62863$Wa.49234@news-server.bigpond.net.au...
> Using iptables like this:
>
> iptables -t nat -A POSTROUTING -j SNAT -s 10.0.0.0/24 --to-source
> 172.16.1.0-172.16.1.255 -o ppp0
>
> This works, but not the way I want. The NATing occurs using "random" IP
> addresses in the given range.
>
> What I want is:
> 10.0.0.1 -> 172.16.1.1
> 10.0.0.2 -> 172.16.1.2
> etc.
>
> This is for a VPN and if I can get iptables to do this, then FTP will work
> in passive mode across the link.
[snip]

I don't think there is a way unless of course --to-dest 172.17.1.0/24 works which I doubt ;o)

I would have a little shell script that went from .1 to .254 and added a line for each host to map to the other host for what it's worth.

Cheers,

Dave.
"David Cutting" <dcutting@spambuster.purplepixie.org> wrote in message
news:c0u0od$a9g$1$8300dec7@news.demon.co.uk...
>
> I would have a little shell script that went from .1 to .254 and added
> a line for each host to map to the other host for what it's worth.
>

Yes, that's what I had done - was looking for a better solution.

Thanks for your reply.

RR
"RR" <newspaper.20.broom@spamgourmet.com> wrote in message
news:IxeZb.67418$Wa.13757@news-server.bigpond.net.au...
>
> "David Cutting" <dcutting@spambuster.purplepixie.org> wrote in message
> news:c0u0od$a9g$1$8300dec7@news.demon.co.uk...
> >
> > I would have a little shell script that went from .1 to .254 and added
> > a line for each host to map to the other host for what it's worth.
> >
>
> Yes, that's what I had done - was looking for a better solution.

Ah! That puts us in the same boat then. I'll monitor any other replies you get and see if there's a better way ;o)

Cheers,

Dave.
/* An Infinite Number Of Primates, Pounded A Million Keyboards, And Came Up With Microsoft Code */

"David Cutting" <dcutting@spambuster.purplepixie.org> wrote in message
news:c0u0od$a9g$1$8300dec7@news.demon.co.uk...
> "RR" <newspaper.20.broom@spamgourmet.com> wrote in message
> news:BcaYb.62863$Wa.49234@news-server.bigpond.net.au...
> > Using iptables like this:
> >
> > iptables -t nat -A POSTROUTING -j SNAT -s 10.0.0.0/24 --to-source
> > 172.16.1.0-172.16.1.255 -o ppp0
> >
> > This works, but not the way I want. The NATing occurs using "random" IP
> > addresses in the given range.
> >
> > What I want is:
> > 10.0.0.1 -> 172.16.1.1
> > 10.0.0.2 -> 172.16.1.2
> > etc.
> >
> > This is for a VPN and if I can get iptables to do this, then FTP will work
> > in passive mode across the link.
> [snip]
>
> I don't think there is a way unless of course --to-dest 172.17.1.0/24
> works which I doubt ;o)
>
> I would have a little shell script that went from .1 to .254 and added
> a line for each host to map to the other host for what it's worth.
>
> Cheers,
>
> Dave.
>

Have been having similar "problems" with passive ftp ports.

From "Noi" @ linux.redhat.misc :

#Allow passive ftp
-A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT

May be what you are looking for (?)

HTH
Don
The Free Electron <srambyte@cvol.net> wrote:
> Have been having similar "problems" with passive ftp ports.
> From "Noi" @ linux.redhat.misc :
> #Allow passive ftp
> -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state
> ESTABLISHED -j ACCEPT
> -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state
> ESTABLISHED,RELATED -j ACCEPT

What on earth does port 1024 have to do with FTP?

--
Cameron Kerr cameron.kerr@paradise.net.nz : http://nzgeeks.org/cameron/
Empowered by Perl!
"RR" <newspaper.20.broom@spamgourmet.com> wrote in message news:<IxeZb.67418$Wa.13757@news-server.bigpond.net.au>...
> "David Cutting" <dcutting@spambuster.purplepixie.org> wrote in message
> news:c0u0od$a9g$1$8300dec7@news.demon.co.uk...
> >
> > I would have a little shell script that went from .1 to .254 and added
> > a line for each host to map to the other host for what it's worth.
> >
>
> Yes, that's what I had done - was looking for a better solution.
>
> Thanks for your reply.
>
> RR

There is a better solution. There is a patch-o-matic solution called netmap which will let you do exactly what you want, DNATing the whole class C.
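The per-host script David suggests earlier in the thread, with the NETMAP one-rule form from the reply above shown alongside it, as an added example that is not from any poster here. It assumes the thread's addressing (inside 10.0.0.0/24, outside 172.16.1.0/24, tunnel interface ppp0); the function names and argument layout are the example's own.

```shell
#!/bin/sh
# Generate one SNAT and one DNAT rule per host so that 10.0.0.N <-> 172.16.1.N.
# gen_static_nat_rules <inside-prefix> <outside-prefix> <iface> [first] [last]
#   e.g. gen_static_nat_rules 10.0.0 172.16.1 ppp0        (hosts .1 to .254)
gen_static_nat_rules() {
    inside=$1 outside=$2 iface=$3 first=${4:-1} last=${5:-254}
    n=$first
    while [ "$n" -le "$last" ]; do
        # Outbound: traffic from 10.0.0.N leaving the tunnel gets source 172.16.1.N
        printf 'iptables -t nat -A POSTROUTING -o %s -s %s.%s -j SNAT --to-source %s.%s\n' \
            "$iface" "$inside" "$n" "$outside" "$n"
        # Inbound: traffic arriving on the tunnel for 172.16.1.N goes to 10.0.0.N
        printf 'iptables -t nat -A PREROUTING -i %s -d %s.%s -j DNAT --to-destination %s.%s\n' \
            "$iface" "$outside" "$n" "$inside" "$n"
        n=$((n + 1))
    done
}

# map_host <from-prefix> <to-prefix> <address>: the address a host is seen as on
# the other side of the 1:1 mapping; fails if the address is not in <from-prefix>.
map_host() {
    case $3 in
        "$1".*) echo "$2.${3##*.}" ;;
        *) return 1 ;;
    esac
}

# The same mapping with the NETMAP target (patch-o-matic then, in mainline iptables now):
#   iptables -t nat -A POSTROUTING -o ppp0 -s 10.0.0.0/24   -j NETMAP --to 172.16.1.0/24
#   iptables -t nat -A PREROUTING  -i ppp0 -d 172.16.1.0/24 -j NETMAP --to 10.0.0.0/24
# Either way the DNAT side exposes every inside host to the VPN peer 1:1, so limit
# what may come in with matching FORWARD rules rather than relying on NAT to hide them.

# When run as a script with arguments, print the rules (pipe into sh to apply):
#   sh static-nat.sh 10.0.0 172.16.1 ppp0 | sh
if [ $# -ge 3 ]; then
    gen_static_nat_rules "$@"
fi
```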