Find the answer to your Linux question:
Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    NAT on virtual IP doens't work

    Hi there, thanks for readin this post.
    We have the following school project that I can't seems to make correctly:

    We need to make a whole subnet communicate with the internet through another subnet's gateway using iptables, with a difficulty option, only 1 NIC.

    I know its seems complicated, but it's not that bad. Please keep reading and let me explain.

    Let's say we have subnet (number 1) =, gateway

    I have another subnet (number 2)=, gateway

    Subnet 1's ( gateway doesnt have a WAN connection.
    Subnet 2's ( does.

    Which means all 192.168.1.XXX can communicate with internet, while all 10.1.2.XXX cannot.

    Not, the goal of the project is to give a possibility to NAT packet comming fomr it's subnet to, so the subnet 10.1.2.XX will have access to the internet.

    Now, since (the gateway) only have 1 NIC, we make it hold virtual IPs.
    eth0:0 = (static)
    eth0:1 = (static, begin the gateway)

    The routes are OK and I can ping correctly on both subnet.
    I can even ping the internet from eth0:0 !! (

    I tought using the following iptables command from the's machine would do the trick:

    iptables -t nat -A POSTROUTING -s -j SNAT --to-source

    But for some reason, doesnt even receive any packet from it's log, except when it's not NATed (when it comes directly from, which let me think the iptables command above doesnt work correctly.

    Any way I could fix this?

    Thanks for reading, I know it's a complicated problem !!

    (In fact, it's not that bad, I want to NAT all packet from a gateway to another, but having only 1 NIC).

  2. #2
    Linux Newbie
    Join Date
    Aug 2009
    Mumbai, India

    First, check if ip forwarding is enabled
    cat /proc/sys/net/ipv4/ip_forward
    If the value is 0 then enable it by giving the following command:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    Second, you need to have packets to be accepted by the FORWARD chain:
    iptables -I FORWARD -s -j ACCEPT
    iptables -I FORWARD -d -j ACCEPT
    POSTROUTING command seems okie.


  3. #3


    Thanks for the answer.
    For an unknown reason, still doesnt work.
    Guess I'll have to wait for the teacher's answer on this one!
    Tks a lot for your time btw.

  4. $spacer_open
  5. #4
    Linux Newbie
    Join Date
    Aug 2009
    Mumbai, India

    Just to verify, can you try pinging one of the systems in the segment from segment other than from

    While pinging, just verify that the packets count on increases for SNAT rule with the command
    iptables -t nat  -nvL
    Also check in tcpdump if the packets are being received by

    As an alternative, just add the POSTROUTING rule and set the default policy of FORWARD, OUTPUT, INPUT chains to ACCEPT with no rules listed for the respective chains.

    Last edited by syd05; 01-22-2010 at 04:02 AM. Reason: Typo error

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts