Oh dear folks, please help me! My eyes seem to be blind regarding this
simple issue!
I am stuck with a small problem and I can't see why it doesn't work.
Maybe it generally can't work and I lack some basic knowledge, or I am
just too blind; I simply don't know!
I have a firewall box here with four physical interfaces, two of which
form a bridge br0. Clients located on the bridged network
(10.121.64.0/24) have their default gateway pointing to br0's IP on that
firewall (10.121.64.15). So far so good: routing between my networks
works well and I can block every connection. But now I would like to
masquerade the net 10.121.64.0/24 behind a designated IP of my public
net (134.x.y.133 on eth0:1).
Fwbuilder produces these NAT rules for me (a snippet):
# user-defined chain holding the NAT decision for the bridged net
$IPTABLES -t nat -N Cid4295FEE0.0
# traffic from 10.121.64.0/24 leaving via eth0 is handed to that chain
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 10.121.64.0/24 -j Cid4295FEE0.0
# destinations that must not be NATed: RETURN to POSTROUTING untouched
$IPTABLES -t nat -A Cid4295FEE0.0 -d 134.x.y.0/24 -j RETURN
$IPTABLES -t nat -A Cid4295FEE0.0 -d 10.121.64.0/24 -j RETURN
$IPTABLES -t nat -A Cid4295FEE0.0 -d 10.0.0.0/8 -j RETURN
# everything else leaving eth0 gets the public alias as source
$IPTABLES -t nat -A Cid4295FEE0.0 -o eth0 -j SNAT --to-source 134.x.y.133
eth0 is the interface where the net 134.x.y.0/24 is. Well, I don't see
any mistakes, but tcpdump on the firewall box shows me that packets go
from 10.121.64.sth to arbitrary IPs out there on the Internet without
any NATing. Maybe the bridging, where inbound packets come in from the
local net, is a problem? Do I need to do some ebtables voodoo? Do the
RETURN rules sabotage my attempt? Am I blind!? Heeelp!! :-)
Please rescue me! :-)
Wollie
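To answer the "do the RETURN rules sabotage my attempt?" question without guessing, it helps to walk the nat POSTROUTING chain the way the kernel does. The script below is an added example and is not part of the original post or of fwbuilder's output: it models iptables chain traversal (a user chain is entered with -j, RETURN pops back to the caller which continues after the jump, and falling off the end of POSTROUTING yields the chain policy, ACCEPT here) and loads the posted rules into that model. The public range is masked as 134.x.y in the post, so the model substitutes the documentation net 203.0.113.0/24 and 203.0.113.133 as constructed stand-ins; the sample client 10.121.64.20 and the destinations are constructed too.

```python
"""Model of iptables nat POSTROUTING traversal for the rules quoted in the post.

This is a simulation of chain semantics (match, -j user chain, RETURN,
terminating target, chain policy), not a call into iptables itself.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One nat rule using only the matches the snippet needs: -o, -s, -d."""
    target: str                      # "RETURN", "SNAT ...", or a user-chain name
    out_iface: Optional[str] = None  # -o
    src: Optional[str] = None        # -s, CIDR
    dst: Optional[str] = None        # -d, CIDR


def _in_net(cidr: Optional[str], ip: str) -> bool:
    """An absent match (-s/-d not given) matches everything."""
    return cidr is None or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _matches(rule: Rule, src: str, dst: str, oif: str) -> bool:
    return rule.out_iface in (None, oif) and _in_net(rule.src, src) and _in_net(rule.dst, dst)


def _walk(chains: Dict[str, List[Rule]], name: str, src: str, dst: str,
          oif: str, trace: List[str]) -> Optional[str]:
    """Walk one chain; return a terminating verdict, or None when the chain
    is left via RETURN or by running past its last rule."""
    for rule in chains[name]:
        if not _matches(rule, src, dst, oif):
            continue
        trace.append(f"{name}: {rule.target}")
        if rule.target == "RETURN":
            return None                      # back to the calling chain
        if rule.target in chains:            # -j <user chain>
            verdict = _walk(chains, rule.target, src, dst, oif, trace)
            if verdict is not None:
                return verdict
            continue                         # user chain returned: keep going here
        return rule.target                   # SNAT, MASQUERADE, ACCEPT, ...
    return None


def postrouting_verdict(chains: Dict[str, List[Rule]], src: str, dst: str,
                        oif: str, policy: str = "ACCEPT") -> Tuple[str, List[str]]:
    """Verdict for a packet leaving via `oif`, plus the rules it matched on the way."""
    trace: List[str] = []
    verdict = _walk(chains, "POSTROUTING", src, dst, oif, trace)
    return (verdict if verdict is not None else policy), trace


# Constructed stand-ins for the masked 134.x.y.0/24 and 134.x.y.133 from the post.
PUBLIC_NET = "203.0.113.0/24"
PUBLIC_IP = "203.0.113.133"
NAT_CHAIN = "Cid4295FEE0.0"

# The posted fwbuilder snippet, rule for rule.
CHAINS: Dict[str, List[Rule]] = {
    "POSTROUTING": [Rule(NAT_CHAIN, out_iface="eth0", src="10.121.64.0/24")],
    NAT_CHAIN: [
        Rule("RETURN", dst=PUBLIC_NET),
        Rule("RETURN", dst="10.121.64.0/24"),
        Rule("RETURN", dst="10.0.0.0/8"),
        Rule(f"SNAT --to-source {PUBLIC_IP}", out_iface="eth0"),
    ],
}

if __name__ == "__main__":
    # 10.121.64.20 is a constructed client on the bridged net.
    for dst in ("8.8.8.8", "203.0.113.5", "10.7.7.7"):
        verdict, trace = postrouting_verdict(CHAINS, "10.121.64.20", dst, "eth0")
        print(f"10.121.64.20 -> {dst} out eth0: {verdict}  via {' > '.join(trace) or '(no match)'}")
```

In this model a packet from the bridged net to an arbitrary Internet address walks past all three RETURN rules and reaches the SNAT rule; only destinations in the public net, the bridged net or 10.0.0.0/8 are returned un-NATed, so the RETURN rules themselves do not prevent SNAT for Internet traffic. On the real box the same question is answered by `iptables -t nat -L Cid4295FEE0.0 -v -n`, whose per-rule packet counters show whether the SNAT rule is ever hit. One capture caveat: SNAT happens in POSTROUTING on the outgoing interface, so tcpdump on br0 always shows the original 10.121.64.x source; only a capture on eth0 shows whether the translation took place.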