[NTLUG:Discuss] How to masq a static IP with iptables?

Paul Ingendorf pauldy at wantek.net
Sat Mar 16 11:58:59 CST 2002 

try
/sbin/ifconfig eth1:1 66.76.52.1 netmask 255.255.255.0 broadcast 66.76.52.255

I would expect you to get those kind of errors with ifcfg as it has a syntax I'm not familiar with.

-----Original Message-----
From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org]On Behalf
Of Neil Aggarwal
Sent: Saturday, March 16, 2002 12:51 AM
To: discuss at ntlug.org
Subject: RE: [NTLUG:Discuss] How to masq a static IP with iptables?


Paul:

Here is my configuration:

My RedHat 7.2 Linux box has eth0 which is connected to my 
DSL line and eth1 that is connected to an IP switch for my
internal network.

The new machine has this configuration:
IP: 66.76.52.105
Netmask: 255.255.255.0
Gateway: 66.76.52.1
Broadcast: 66.76.52.255

I plugged the new machine into my internal network.

I tried to create the additional interface on my Linux
box using this line, which is translated from yours:
ifcfg eth1:1 66.76.52.1 netmask 255.255.255.0 broadcast 66.76.52.255
I got back these error messages:
Forwarding is ON or its state is unknown (5). OK, No RDISC.
Error: an inet prefix is expected rather than "inet".
Error: failed to add 66.76.52.1 peer inet on eth1.

So, I tried just typing:
ifcfg eth1:1 66.76.52.1
I got this message:
Forwarding is ON or its state is unknown (5). OK, No RDISC.

The I typed the route command:
route -vF add -net 66.76.52.0 netmask 255.255.255.0 eth1
This did not report anything back, so I assumed it was OK.

At this point, from the new machine, I can ping machines in my
internal network, but nothing outside.  It does not seem link
the Linux box is masquerading the new machine.

As a matter of fact, now none of my internal machines can get 
out to the external network.  It is fine if I reboot the Linux
box (since it clears the additional interface and the route), but
this is definitely not the desired result.

Any suggestions?

Thanks,
	Neil.

--
Neil Aggarwal
JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development    Websites, Ecommerce, Java, databases


> -----Original Message-----
> From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org]On Behalf
> Of Paul Ingendorf
> Sent: Thursday, March 07, 2002 8:52 PM
> To: discuss at ntlug.org
> Subject: RE: [NTLUG:Discuss] How to masq a static IP with iptables?
> 
> 
> Create a interface with the gateway ip of the gateway for the 
> network the machine will be on then create a default route from 
> your Linux machine to that machine subnet and allow MASQing trough it.
> 
> 
> Like so
> Your Gateway 192.168.0.1
> Your Primary Interface eth0
> New Machines ip 10.0.0.2
> New Machine netmask
> New Machines Gateway 10.0.0.1
> 
> ifconfig eth0:1 10.0.0.2 netmask 255.0.0.0 broadcast 10.255.255.255
> route -vF add -net 10.0.0.0 netmask 255.0.0.0 eth0
> 
> This should allow you to work everything like your asking and it 
> will allow it to perform almost exactly the way it would at the 
> clients site.

_______________________________________________
http://www.ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list