Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Masquerading question
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Lucho[FLCL]
Apprentice
Apprentice


Joined: 02 Dec 2003
Posts: 245
Location: Buenos Aires - Argentina
PostPosted: Wed Feb 11, 2004 4:02 pm    Post subject: Masquerading question Reply with quote
I'm using a firewall between two networks (it's just a Gentoo Linux w/iptables...) (192.168.11.0 and 192.168.0.0). I'm using masquerading because the 192.168.11.0 net has another 192.168.0.0 net linked to it and it cannot be changed because it is a client's LAN (accessed through VPN). Everything works fine.

The problem is that the machine I'm connecting to accepts only 1 incoming connection per IP address. With masquerading, all the connections go out with the same IP address...so...
The question is, is there any way to use a range of addresses instead of just one? (I don't think so, but I wanted to ask anyway....)

Thank you very much for your help
Back to top
View user's profile Send private message
MrPyro
Tux's lil' helper
Tux's lil' helper


Joined: 14 Aug 2003
Posts: 121
Location: Sheffield, England
PostPosted: Wed Feb 11, 2004 4:23 pm    Post subject: Reply with quote
I think there is a way using NAT to re-write an IP address from one network to another IP address on a different network.

Try something like

Code:

$IPT -t nat -A POSTROUTING -s 192.168.0.13 -i $IN_DEV-o $OUT_DEV -j SNAT --to-source 192.168.11.13


This should (although I make no guarantees about this) map requests on $IN_DEV from 192.168.0.13 to the outside world look like they come from 192.168.11.13. You will have to set up $OUT_DEV (the device connected to the 192.168.11.* network) to use multiple ip address aliases. You will also need one iptables line per ip address to be remapped.

Check the iptables man page, especially for stuff on SNAT.
_________________
Back off man, I'm a computer scientist
Back to top
View user's profile Send private message
Lucho[FLCL]
Apprentice
Apprentice


Joined: 02 Dec 2003
Posts: 245
Location: Buenos Aires - Argentina
PostPosted: Wed Feb 11, 2004 4:29 pm    Post subject: Reply with quote
Thank you, it may be interesting to try that....

Anyway, is there something like that but automagical?

At least a way to pipe that thing with a script/program...that way I could make the conversion based on source IP address....but that sounds like fantasy...
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy