IPTables NAT

ceicke · n00b Joined: 20 Jul 2006 Posts: 23 Location: DE, Hamburg

Hi,

I have the following problem that I can't seem to fix.

I have two networks at hand: 192.168.2.0/24 and 192.168.4.0/24. Between the two networks I would like to do some sort of NATing, so that in network 192.168.2.0/24, host 192.168.4.X appears as 192.168.2.X and vice verca.

Unfortunately, SNAT doesn't allow the following thing:

xtz · Posted: Wed Apr 29, 2009 1:09 pm Post subject:

If you just want the two networks to be able to access each other, enable the IP forwarding in /etc/sysctl.conf

ceicke · n00b Joined: 20 Jul 2006 Posts: 23 Location: DE, Hamburg

Well, of course that's what I want and that's happening already. At this point I'm doing masquerading, but let me stress this point again: I specifically want this IP mapping and not in the way that everything appears to come from one IP (which is happening in the case of doing masquerading).

szmytson · n00b Joined: 29 Apr 2009 Posts: 20 Location: UK

Hi,

I guess there is no smart way to achieve this...

The manual way would be something like this:

xtz · Posted: Wed Apr 29, 2009 2:05 pm Post subject:

AFAIK, u cannot SNAT a whole network just like this. I think a single rule is needed to SNAT from each separate address to anothe separate one.

Mad Merlin · Veteran Joined: 09 May 2005 Posts: 1155

Is there a reason you're not just using a 192.168.0.0/16 network? Then all machines could talk directly to eachother.

Anyways, with the NETMAP target I think you can do what you're hoping for: