[Firewall] Help setting up NAT

Nathan Ekstrom nathan+arno at whiteboxdev.com
Fri Aug 24 22:20:58 CEST 2012


Thanks Lonnie,

That helps.  Does that also make it so that outbound traffic initiated by
192.168.1.13 looks like it is from 55.55.55.98?  Or do I need to do
something else for that?

On Fri, Aug 24, 2012 at 11:06 AM, Lonnie Abelbeck <lists at lonnie.abelbeck.com> wrote:

> Hi Nathan,
>
> The variables NAT_FORWARD_TCP, NAT_FORWARD_UDP and NAT_FORWARD_IP are what
> you want.  A couple examples should get you going.
>
> NAT Forward packets to 55.55.55.98 from 0/0 (anyhost) into the internal
> 192.168.1.13 host for TCP port 80 (HTTP)
> --
> NAT_FORWARD_TCP="55.55.55.98#0/0~80>192.168.1.13~80"
> -- or --
> NAT_FORWARD_TCP="55.55.55.98#0/0~80>192.168.1.13"
> --
>
> NAT Forward packets to 55.55.55.100 from 0/0 (anyhost) into the internal
> 192.168.1.14 host for TCP ports 80 and 443 (HTTP & HTTPS)
> --
> NAT_FORWARD_TCP="55.55.55.100#0/0~80,443>192.168.1.14"
> --
>
> Lonnie
>
>
>
> On Aug 24, 2012, at 11:16 AM, Nathan Ekstrom wrote:
>
> > I have a 16 address subnet of static IP addresses from my ISP.  I would
> > like to use some of them and have certain machines on an internal network
> > look like they have a public IP address.  Attached is a diagram of my
> > network.
> >
> > All internal network interfaces have addresses in the 192.168.1 subnet.
> > The static IP addresses that I can use are in a range similar to
> > 55.55.55.98-110 while my Linux router/firewall running the Arno firewall
> > scripts is given an address like 56.56.56.52 for its external IP address
> > from my ISP.  I've done a tcpdump of the firewall's external adapter and
> > know that it is getting packets for addresses in my public subnet; I'm just
> > having issues figuring out all the NAT rules.
> >
> > I would appreciate any help, links to tutorials, suggested books, pretty
> > much anything at this point as everything I've found and tried has failed.
> >
> > Thanks
> >
> >
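Added example, not part of the original messages and not code from Arno's firewall scripts: a shell function that splits a NAT_FORWARD_* entry in the forms Lonnie shows above and prints a plain iptables DNAT rule for each port. The function name and the mapping to PREROUTING rules are assumptions made for illustration; the rules the firewall script itself generates may differ.

```bash
#!/bin/bash
# Added illustration (not Arno's firewall code): split one NAT_FORWARD_* entry
#   <public_ip>#<source>~<port[,port...]>><internal_host>[~<port>]
# and print a plain iptables DNAT rule per port. Only the forms shown in the
# thread are handled; the function name is hypothetical.
nat_forward_to_iptables() {
  local proto="$1" rule="$2"
  local left right pub rest src ports host tport port

  case $rule in
    *"#"*"~"*">"*) ;;
    *) echo "unparseable entry: $rule" >&2; return 1 ;;
  esac

  left=${rule%%">"*}       # public_ip#source~ports
  right=${rule#*">"}       # internal_host[~port]
  pub=${left%%"#"*}
  rest=${left#*"#"}
  src=${rest%%"~"*}
  ports=${rest#*"~"}
  host=${right%%"~"*}
  tport=
  if [ "$right" != "$host" ]; then tport=${right#*"~"}; fi

  # Ports must be digits separated by commas.
  case $ports in
    ""|*[!0-9,]*) echo "bad port list: $ports" >&2; return 1 ;;
  esac
  case $tport in
    *[!0-9]*) echo "bad target port: $tport" >&2; return 1 ;;
  esac
  # A port list combined with one target port is not shown in the thread.
  case "$ports/$tport" in
    *,*/?*) echo "port list with a target port is not handled" >&2; return 1 ;;
  esac

  local IFS=,
  for port in $ports; do
    # With no target port the packet keeps its destination port, which is
    # why the thread's two port-80 forms are equivalent.
    echo "iptables -t nat -A PREROUTING -p $proto -s $src -d $pub" \
         "--dport $port -j DNAT --to-destination $host:${tport:-$port}"
  done
}

# The three entries from the thread:
nat_forward_to_iptables tcp "55.55.55.98#0/0~80>192.168.1.13~80"
nat_forward_to_iptables tcp "55.55.55.98#0/0~80>192.168.1.13"
nat_forward_to_iptables tcp "55.55.55.100#0/0~80,443>192.168.1.14"
```

The source field is where 0/0 (any host) can be narrowed to a specific network so that a forwarded port is not reachable from everywhere.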