Our office network is as below.
                | Linux Box |
-- E1 line ---- | eth0      |
                |      eth1 | ---------- office pc, demo pc
-- Cable line - | eth2      |
eth0: GW 211.104.XXX.94, ip 211.104.xxx.67, netmask 255.255.255.224
eth2: dhcp
eth1: GW 192.168.1.1 ip 192.168.1.1 netmask 255.255.255.0
In my office, some demo servers and PCs need to use public IPs. Of course, that is
very easy, using only the iptables DNAT table.
But someone asked me to set up the firewall so that we can connect to the demo PC
by using its public IP inside our office.
So I have used some tricks in iptables.
1: iptables -t nat -A PREROUTING -d <demopc's public ip> -i eth0 -j DNAT --to-destination <demopc's private ip>
2: iptables -t nat -A PREROUTING -d <demopc's public ip> -i eth1 -j DNAT --to-destination <demopc's private ip>
3: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -o eth0 -j SNAT --to-source 211.104.xxx.67
4: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -o eth1 -j SNAT --to-source 211.104.xxx.67
Rules 2 and 4 were added for connecting to the demo server by using its public IP. In
other words, all PCs connect to the server on an SNAT basis.
Is there any problem?
--
==================================
Cybermed,Inc
Assistant manager of marketing team
Jiwon, Han
Tel: 82-2-545-4282
Fax: 82-2-545-6042
Homepage: www.cybermed.co.kr
===================================
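
Added example, not part of the original post: a small Python model of how the nat table treats a connection from an office PC to the demo PC's public IP under rules 1 to 4. PREROUTING rewrites the destination before POSTROUTING runs, so rule 4's "! -d 192.168.1.0/24" test sees the private address. The 203.0.113.x and host addresses are constructed stand-ins for the masked ones in the post, and the hairpin_fix rule is a hypothetical addition.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
FW_LAN = ip_address("192.168.1.1")         # eth1 address, from the post
# Constructed addresses: the post masks or omits the real ones.
DEMO_PUBLIC = ip_address("203.0.113.70")   # stands in for demopc's public ip
DEMO_PRIVATE = ip_address("192.168.1.50")  # stands in for demopc's private ip
FW_PUBLIC = ip_address("203.0.113.67")     # stands in for 211.104.xxx.67
OFFICE_PC = ip_address("192.168.1.20")


def prerouting(dst, in_if):
    """Rules 1 and 2: DNAT the demo PC's public IP arriving on eth0 or eth1."""
    if dst == DEMO_PUBLIC and in_if in ("eth0", "eth1"):
        return DEMO_PRIVATE
    return dst


def postrouting(src, dst, out_if, hairpin_fix=False):
    """Rules 3 and 4: SNAT LAN sources leaving eth0/eth1 for non-LAN targets.

    hairpin_fix enables a hypothetical extra rule (not in the post) that
    matches LAN traffic to the demo PC's private IP leaving eth1.
    """
    if src in LAN and dst not in LAN and out_if in ("eth0", "eth1"):
        return FW_PUBLIC
    if hairpin_fix and src in LAN and dst == DEMO_PRIVATE and out_if == "eth1":
        return FW_LAN
    return src


def hairpin(hairpin_fix=False):
    """Office PC opens a connection to the demo PC's public IP."""
    dst = prerouting(DEMO_PUBLIC, "eth1")   # destination is now private
    src = postrouting(OFFICE_PC, dst, "eth1", hairpin_fix)
    # The demo PC answers to `src`. If that is still the office PC, the reply
    # crosses the LAN directly, is never un-NATed by the firewall, and arrives
    # from DEMO_PRIVATE while the client expects DEMO_PUBLIC.
    reply_via_firewall = src != OFFICE_PC
    return dst, src, reply_via_firewall


if __name__ == "__main__":
    for fix in (False, True):
        dst, src, ok = hairpin(fix)
        print(f"hairpin_fix={fix}: dst={dst} src={src} reply_via_firewall={ok}")
```

In this model rule 4 never matches the hairpinned connection, because by POSTROUTING its destination is already inside 192.168.1.0/24; only a rule keyed on the post-DNAT destination forces the reply back through the firewall.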