SNAT

Hello all,

I have a network with a few public IP's on it and a few private IP's on
it. Up until now it has been completely private but we have recently
introduced some public IP addresses. Here's the setup

eth0 -> 192.168.3.1 (255.255.255.0)
200.101.4.1 (255.255.255.128)

ppp0 -> 200.101.5.100 (255.255.255.255)

(the IP's above are not actually mine, I'm sorry if they happen to be
yours ;-)

Anyways, if I have a machine that is hooked up to eth0 with an IP of
200.101.4.2, all the traffic from it becomes source NATed. Running a
"what's my IP" check on the net returns an address of 200.101.5.100
(ppp0's IP address).

How do I make iptables SNAT only on 192.168.3.0/24 and not on
200.101.4.0/25?

Thanks in advance,
Kevin Brown.

On 2005-07-06, Kevin Brown <-NOSPAM-itismekevinb-NOSPAM-@hotmail.com> wrote:
> Hello all,
>
> I have a network with a few public IP's on it and a few private IP's on
> it. Up until now it has been completely private but we have recently
> introduced some public IP addresses. Here's the setup
>
> eth0 -> 192.168.3.1 (255.255.255.0)
> 200.101.4.1 (255.255.255.128)
>
> ppp0 -> 200.101.5.100 (255.255.255.255)
>
> (the IP's above are not actually mine, I'm sorry if they happen to be
> yours ;-)
>
> Anyways, if I have a machine that is hooked up to eth0 with an IP of
> 200.101.4.2, all the traffic from it becomes source NATed. Running a
> "what's my IP" check on the net returns an address of 200.101.5.100
> (ppp0's IP address).
>
> How do I make iptables SNAT only on 192.168.3.0/24 and not on
> 200.101.4.0/25?
>
iptables -t nat -I POSTROUTING \
-o ppp0 -s 192.168.3.1/24 -d ! 192.168.3.1/24 \
-j SNAT --to-source 200.101.5.100

Should do it Notice you specify more precisely what you want NAT'ed; I'm
guessing you have a 'catchall' SNAT rule in there

Cheers

Alex

> Thanks in advance,
> Kevin Brown.