[NTLUG:Discuss] NAT -almost
Richard Geoffrion
richard at rain.lewisville.tx.us
Wed Mar 28 00:09:45 CST 2001
I found this site ( http://www.linuxports.com/howto/networking/x1522.htm )
that discussed what I thought was going to be the answer to the one-to-one
NAT thang! In practice it didn't work. Well, *I* didn't get it working
anyway...
Here's a snippet of what I read.
<snip>
Now, to translate addresses of incoming datagrams, the following command is
used:
ip route add nat <ext-addr>[/<masklen>] via <int-addr>
This will make an incoming packet destined to "ext-addr" (the address
visible from outside Internet) to have its destination address field
rewritten to "int-addr" (the address in your internal network, behind your
gateway/firewall). The packet is then routed according to the local routing
table. You can translate either single host addresses or complete blocks.
Examples:
ip route add nat 195.113.148.34 via 192.168.0.2
ip route add nat 195.113.148.32/27 via 192.168.0.0
The first command will make internal address 192.168.0.2 accessible as
195.113.148.34. The second example shows remapping block 192.168.0.0-31 to
195.113.148.32-63.
</snip>
So here is what I did (AFTER upgrading the kernel to 2.2.18 and locating
and successfully compiling the source for the IPROUTE2 command, ip
(http://ftp.sunet.se/ftp/pub/network/ip-routing/iproute2-current.tar.gz)):
<example>
>ip route add 64.218.3.106/32 via 10.1.61.3
>ip route list
64.218.3.107 via 10.1.61.3 dev eth1
64.218.3.104/29 dev eth0 proto kernel scope link src 64.218.3.105
10.1.61.0/24 dev eth1 scope link
10.1.61.0/24 dev eth1 proto kernel scope link src 10.1.61.251
64.0.0.0/8 dev eth0 proto kernel scope link src 64.218.3.105
127.0.0.0/8 dev lo scope link
default via 64.218.3.110 dev eth0 metric 1
</example>
Of course pinging 64.218.3.107 from outside the network didn't work. I
didn't expect pinging from inside the network to work... and it didn't either.
Any ideas?
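
Added example, not part of the original post or of the quoted HOWTO: a small Python model of the destination rewrite that the quoted "ip route add nat <ext-addr>[/<masklen>] via <int-addr>" syntax describes, run over the HOWTO's two example commands. The function names, the alignment check on the internal base and the plain (non-nat) route line are assumptions made for this example.

```python
import ipaddress
import re

# Syntax as quoted in the post: ip route add nat <ext-addr>[/<masklen>] via <int-addr>
NAT_RE = re.compile(r"^\s*ip\s+route\s+add\s+nat\s+(\S+)\s+via\s+(\S+)\s*$")

def parse_nat_rule(line):
    """Return (external_network, internal_base), or None if line is not a nat route."""
    m = NAT_RE.match(line)
    if not m:
        return None
    ext = ipaddress.ip_network(m.group(1), strict=True)  # bare address becomes a /32
    base = ipaddress.ip_address(m.group(2))
    # Example's own validation: the internal base must sit on the same mask
    # boundary as the external block so that host offsets line up one-to-one.
    if int(base) & int(ext.hostmask):
        raise ValueError(f"{base} is not aligned to /{ext.prefixlen}")
    return ext, base

def load_rules(lines):
    """Keep only the lines that parse as nat routes."""
    return [r for r in (parse_nat_rule(l) for l in lines) if r is not None]

def translate_destination(rules, dst):
    """Rewrite dst with the most specific matching rule; no match leaves it unchanged."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in rules if dst in r[0]]
    if not matches:
        return str(dst)
    ext, base = max(matches, key=lambda r: r[0].prefixlen)
    offset = int(dst) - int(ext.network_address)  # position inside the external block
    return str(base + offset)

# The two commands from the quoted HOWTO, plus one constructed non-nat route line.
COMMANDS = [
    "ip route add nat 195.113.148.34 via 192.168.0.2",
    "ip route add nat 195.113.148.32/27 via 192.168.0.0",
    "ip route add 198.51.100.7/32 via 192.168.0.9",  # constructed: no 'nat' keyword
]
RULES = load_rules(COMMANDS)

if __name__ == "__main__":
    for addr in ("195.113.148.34", "195.113.148.40", "195.113.148.63", "195.113.148.64"):
        print(addr, "->", translate_destination(RULES, addr))
```
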