[Firewall] Help setting up NAT

Nathan Ekstrom nathan+arno at whiteboxdev.com
Fri Aug 24 22:36:06 CEST 2012


Also do I need to list all of my external addresses in my EXT_IF variable?
Or assign them all to the external interface?

On Fri, Aug 24, 2012 at 2:20 PM, Nathan Ekstrom <nathan+arno at whiteboxdev.com> wrote:

> Thanks Lonnie,
>
> That helps.  Does that also make it so that outbound traffic initiated by
> 192.168.1.13 looks like it is from 55.55.55.98?  Or do I need to do
> something else for that?
>
>
> On Fri, Aug 24, 2012 at 11:06 AM, Lonnie Abelbeck <lists at lonnie.abelbeck.com> wrote:
>
>> Hi Nathan,
>>
>> The variables NAT_FORWARD_TCP, NAT_FORWARD_UDP and NAT_FORWARD_IP are
>> what you want.  A couple examples should get you going.
>>
>> NAT Forward packets to 55.55.55.98 from 0/0 (anyhost) into the internal
>> 192.168.1.13 host for TCP port 80 (HTTP)
>> --
>> NAT_FORWARD_TCP="55.55.55.98#0/0~80>192.168.1.13~80"
>> -- or --
>> NAT_FORWARD_TCP="55.55.55.98#0/0~80>192.168.1.13"
>> --
>>
>> NAT Forward packets to 55.55.55.100 from 0/0 (anyhost) into the internal
>> 192.168.1.14 host for TCP ports 80 and 443 (HTTP & HTTPS)
>> --
>> NAT_FORWARD_TCP="55.55.55.100#0/0~80,443>192.168.1.14"
>> --
>>
>> Lonnie
>>
>>
>>
>> On Aug 24, 2012, at 11:16 AM, Nathan Ekstrom wrote:
>>
>> > I have a 16 address subnet of static ip addresses from my ISP.  I would
>> > like to use some of them and have certain machines on an internal network
>> > look like they have a public ip address.  Attached is a diagram of my
>> > network.
>> >
>> > All internal network interfaces have addresses in the 192.168.1 subnet.
>> > The static ip addresses that I can use are in a range similar to
>> > 55.55.55.98-110 while my linux router/firewall running the arno firewall
>> > scripts is given an address like 56.56.56.52 for its external ip address
>> > from my ISP.  I've done a tcpdump of the firewall's external adapter and
>> > know that it is getting packets for addresses in my public subnet I'm just
>> > having issues figuring out all the NAT rules.
>> >
>> > I would appreciate any help, links to tutorials, suggested books,
>> > pretty much anything at this point as everything I've found and tried has
>> > failed.
>> >
>> > Thanks
>> >
>> >
>> > <Network_Layout.jpg>
>>
>> _______________________________________________
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.nl
>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
>>
>
>
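An added example, not part of the original thread and not code from the Arno firewall project: a small Python check that expands NAT_FORWARD_TCP-style values into one entry per port and flags forwards open to 0/0 or pointing the same external address and port at two internal targets. The rule syntax is inferred only from the examples quoted above; the space-separated list, the function names and the extra sample rules are assumptions.

```python
import re
from collections import namedtuple

# Syntax inferred only from the examples in the quoted reply (an assumption):
#   EXT_IP#SRC~PORT[,PORT...]>INT_IP[~INT_PORT], rules separated by spaces.
RULE_RE = re.compile(
    r"^(?P<ext>[\d.]+)#(?P<src>[\d./]+)~(?P<ports>\d+(?:,\d+)*)"
    r">(?P<dst>[\d.]+)(?:~(?P<dport>\d+))?$")

Forward = namedtuple("Forward", "ext_ip src ext_port int_ip int_port")

def parse_nat_forward(value):
    """Expand a NAT_FORWARD_TCP-style value into one Forward per port."""
    forwards = []
    for rule in value.split():
        m = RULE_RE.match(rule)
        if m is None:
            raise ValueError("unrecognised rule: %r" % rule)
        ports = [int(p) for p in m.group("ports").split(",")]
        dport = m.group("dport")
        if dport and len(ports) > 1:
            # Form not shown on the page; refuse it rather than guess.
            raise ValueError("ambiguous internal port: %r" % rule)
        for port in ports:
            if not 1 <= port <= 65535:
                raise ValueError("port out of range: %r" % rule)
            forwards.append(Forward(m.group("ext"), m.group("src"), port,
                                    m.group("dst"), int(dport) if dport else port))
    return forwards

def audit(forwards):
    """Return (kind, Forward) findings worth a second look before reload."""
    findings, seen = [], {}
    for f in forwards:
        if f.src == "0/0":
            findings.append(("open-to-any", f))
        key = (f.ext_ip, f.ext_port, f.src)
        target = (f.int_ip, f.int_port)
        if seen.setdefault(key, target) != target:
            findings.append(("conflicting-target", f))
    return findings

# Constructed sample: two rules from the thread plus two invented ones.
SAMPLE = ("55.55.55.98#0/0~80>192.168.1.13 "
          "55.55.55.100#0/0~80,443>192.168.1.14 "
          "55.55.55.98#0/0~80>192.168.1.15~8080 "
          "55.55.55.99#203.0.113.0/24~22>192.168.1.13")

if __name__ == "__main__":
    for kind, f in audit(parse_nat_forward(SAMPLE)):
        print(kind, f)
```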