  1. #1
    Just Joined!
    Join Date: Jan 2009
    Posts: 10

    NAT on virtual IP doesn't work


    Hi there, thanks for reading this post.
    We have the following school project that I can't seem to get working correctly:

    We need to make a whole subnet communicate with the internet through another subnet's gateway using iptables, with one added difficulty: only 1 NIC.

    I know it seems complicated, but it's not that bad. Please keep reading and let me explain.


    Let's say we have subnet (number 1) = 10.1.2.0/24, gateway 10.1.2.1.

    I have another subnet (number 2)= 192.168.1.0/24, gateway 192.168.1.1

    Subnet 1's gateway (10.1.2.1) doesn't have a WAN connection.
    Subnet 2's gateway (192.168.1.1) does.

    Which means all 192.168.1.XXX can communicate with internet, while all 10.1.2.XXX cannot.


    Now, the goal of the project is to give 10.1.2.1 the possibility to NAT packets coming from its subnet to 192.168.3.1, so that subnet 10.1.2.XX will have access to the internet.


    Now, since 10.1.2.1 (the gateway) only has 1 NIC, we make it hold virtual IPs:
    eth0:0 = 192.168.1.35 (static)
    eth0:1 = 10.1.2.1 (static, being the 10.1.2.0/24 gateway)

    The routes are OK and I can ping correctly on both subnets.
    I can even ping the internet from eth0:0 (192.168.1.35)!!


    I thought using the following iptables command on the 10.1.2.1 machine would do the trick:

    iptables -t nat -A POSTROUTING -s 10.1.2.0/24 -j SNAT --to-source 192.168.1.35

    But for some reason, 192.168.1.1 doesn't even receive any packets according to its log, except when they are not NATed (when they come directly from 192.168.1.35), which makes me think the iptables command above doesn't work correctly.


    Any way I could fix this?

    Thanks for reading, I know it's a complicated problem!!

    (In fact, it's not that bad: I want to NAT all packets from one gateway to another, but having only 1 NIC.)

  2. #2
    Just Joined!
    Join Date: Aug 2009
    Location: Mumbai, India
    Posts: 96
    Hi,

    First, check if IP forwarding is enabled:
    Code:
    cat /proc/sys/net/ipv4/ip_forward
    If the value is 0 then enable it by giving the following command:
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    Second, you need packets to be accepted by the FORWARD chain:
    Code:
    iptables -I FORWARD -s 10.1.2.0/24 -j ACCEPT
    iptables -I FORWARD -d 10.1.2.0/24 -j ACCEPT
    The POSTROUTING command seems okay.

    --Syd

  3. #3
    Just Joined!
    Join Date: Jan 2009
    Posts: 10

    Re:

    Thanks for the answer.
    For an unknown reason, it still doesn't work.
    Guess I'll have to wait for the teacher's answer on this one!
    Thanks a lot for your time btw.

  4. #4
    Just Joined!
    Join Date: Aug 2009
    Location: Mumbai, India
    Posts: 96
    Hi,

    Just to verify, can you try pinging one of the systems in the 192.168.1.0 segment from a host in the 10.1.2.0 segment other than 10.1.2.1?

    While pinging, just verify that the packet count on 10.1.2.1 increases for the SNAT rule with the command
    Code:
    iptables -t nat  -nvL
    Also check with tcpdump whether the packets are being received by 10.1.2.1.

    As an alternative, just add the POSTROUTING rule and set the default policy of FORWARD, OUTPUT, INPUT chains to ACCEPT with no rules listed for the respective chains.

    --Syd
    Last edited by syd05; 01-22-2010 at 03:02 AM. Reason: Typo error
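The checks Syd asks for in #2 and #4 (ip_forward value, SNAT rule present, SNAT packet counter rising during a ping test), gathered into one script. This is an added example, not code posted in the thread; the counter parsing runs on captured `iptables -t nat -nvxL` text, and the sample captures below are constructed, not real output.

```sh
#!/bin/sh
# Added example, not from the thread: checks the points raised in the replies on
# the 10.1.2.1 gateway (ip_forward enabled, SNAT rule present, SNAT counter rising
# during a ping test). Parsing works on captured text, so it can be tried offline.

# ip_forward_enabled [file]: true when the sysctl file contains "1".
ip_forward_enabled() {
  f="${1:-/proc/sys/net/ipv4/ip_forward}"
  [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# snat_pkts SUBNET: read `iptables -t nat -nvxL` output on stdin and print the
# packet counter of the POSTROUTING SNAT rule whose source is SUBNET (prints
# nothing if no such rule exists). -x keeps counters exact instead of "12K".
snat_pkts() {
  awk -v src="$1" '
    /^Chain / { chain = $2 }
    chain == "POSTROUTING" && $3 == "SNAT" && $8 == src { print $1; exit }'
}

# snat_counter_increased BEFORE AFTER SUBNET: compare two captures taken around
# a ping from a 10.1.2.x host. A counter stuck at 0 means the packets never
# reach nat/POSTROUTING, so the problem is earlier (ip_forward or FORWARD chain).
snat_counter_increased() {
  b=$(printf '%s\n' "$1" | snat_pkts "$3")
  a=$(printf '%s\n' "$2" | snat_pkts "$3")
  [ -n "$b" ] && [ -n "$a" ] && [ "$a" -gt "$b" ]
}

# verify_snat: live check on the gateway itself (needs root for iptables).
verify_snat() {
  ip_forward_enabled || { echo "ip_forward is 0 (echo 1 > /proc/sys/net/ipv4/ip_forward)"; return 1; }
  n=$(iptables -t nat -nvxL POSTROUTING | snat_pkts 10.1.2.0/24)
  [ -n "$n" ] || { echo "no SNAT rule for 10.1.2.0/24 in nat/POSTROUTING"; return 1; }
  echo "SNAT rule for 10.1.2.0/24 has matched $n packets"
}

# Constructed sample captures (not real output) for an offline dry run.
SAMPLE_BEFORE='Chain POSTROUTING (policy ACCEPT 3 packets, 252 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 SNAT       all  --  *      *       10.1.2.0/24          0.0.0.0/0            to:192.168.1.35'
SAMPLE_AFTER='Chain POSTROUTING (policy ACCEPT 3 packets, 252 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42       3528 SNAT       all  --  *      *       10.1.2.0/24          0.0.0.0/0            to:192.168.1.35'
```

On the gateway, source the file and call `verify_snat` before and after pinging from a 10.1.2.x host; if the counter never moves, look at ip_forward and the FORWARD chain rather than at the SNAT rule.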
