SNAT DNAT ??

Protecting your Linux box
sevensins
Havaldaar
Posts: 117
Joined: Tue Apr 13, 2004 1:45 pm
Location: PAKISTAN
Contact:

SNAT DNAT ??

Postby sevensins » Thu Oct 13, 2005 6:16 pm

Regards,

-----------------------------------------------------------------
A wise monkey never monkies w/ another monkey's monkey!

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Re: SNAT DNAT ??

Postby lambda » Fri Oct 14, 2005 9:17 pm


sevensins
Havaldaar
Posts: 117
Joined: Tue Apr 13, 2004 1:45 pm
Location: PAKISTAN
Contact:

Postby sevensins » Sat Oct 15, 2005 9:44 pm

Regards,



-----------------------------------------------------------------

A wise monkey never monkies w/ another monkey's monkey!

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Sun Oct 16, 2005 7:24 pm

Farrukh Ahmed

syed
Subedar Major
Posts: 439
Joined: Thu Jul 28, 2005 3:51 pm

Help me

Postby syed » Tue Apr 25, 2006 4:51 pm

Mr. Shahzad AOA ,

Can u help me , because I am working for the same solution but not getting any results: my configurations as similar to yours with slight change as shown below:
ifconfig eth0:1 202.52.196.10 netmask 255.255.255.0
ifconfig eth0:2 202.52.196.11 netmask 255.255.255.0
ifconfig eth0:3 202.52.196.12 netmask 255.255.255.0

iptables -t nat -A PREROUTING -d 202.52.193.10 -j DNAT --to-destination 190.1.5.10
iptables -t nat -A POSTROUTING -s 190.1.5.10 -j SNAT --to-source 202.52.196.10

iptables -t nat -A PREROUTING -d 202.52.193.11 -j DNAT --to-destination 190.1.5.11
iptables -t nat -A POSTROUTING -s 190.1.5.11 -j SNAT --to-source 202.52.196.11

iptables -t nat -A PREROUTING -d 202.52.193.12 -j DNAT --to-destination 190.1.5.12
iptables -t nat -A POSTROUTING -s 190.1.5.12 -j SNAT --to-source 202.52.196.12

I have also enabled forwarding on my Linux box , but my clients are not able to access the internet.

Slight difference is that u have used just "--to " but I have used "to-source" in SNAT section. So is this the reason for my failure. and u also mentioned about Lan card problem , what is that in fatc? If u guide me I will remain thankful to u.

Best Wishes

Syed Mohammad Raza

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Wed Apr 26, 2006 12:54 pm

Dear syed,
Salam,

Try this rule it will solve your problem.

# iptables -t -nat -A POSTROUTING -o eth0 -j MASQUREDE

Best Regards.
Farrukh Ahmed

syed
Subedar Major
Posts: 439
Joined: Thu Jul 28, 2005 3:51 pm

ok

Postby syed » Wed Apr 26, 2006 5:42 pm

AOA 2 ALL

I think this rule is used if we get dynamic ip (DHCP server assigns ip to our machine/firewall)correct me if i am wrong !!!!!!


Best Wishes

Syed Mohammad Raza

kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Postby kbukhari » Fri Apr 28, 2006 11:53 am

--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re: ok

Postby LinuxFreaK » Sat Apr 29, 2006 8:29 am

Farrukh Ahmed

syed
Subedar Major
Posts: 439
Joined: Thu Jul 28, 2005 3:51 pm

OK

Postby syed » Tue May 09, 2006 12:44 pm

AOA ,
Mr. Bukhari ,

OK if i use you suggested commands and ip tables rules i mentioned then will it work for my purpose?????????????
id not then what else I need to modify?

Waiting for a prompt and kind response!!

"May All U be Under the Shelter Of Allah"


Syed Mohammad Raza

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Re: OK

Postby lambda » Tue May 09, 2006 1:29 pm


syed
Subedar Major
Posts: 439
Joined: Thu Jul 28, 2005 3:51 pm

Cooooooooool

Postby syed » Wed May 10, 2006 3:09 pm

AOA 2 all

what is ur name i dont know , but cooooooooooooooool down!!!
In fact we have got a live network so It is difficult to make a test , I have already made an attempt and arranged for testing but failed but doing or arranging again for testing is a big problem so I need to make sure what exactly is needed.Ok people dont have access to my network but they may have experienced same situation which I am.

So if u r hearted then I am really sorry for that!!!

"May All U be Under Shelter of Allah"

Syed Mohammad Raza[/quote]

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Re: Cooooooooool

Postby lambda » Wed May 10, 2006 3:30 pm


syed
Subedar Major
Posts: 439
Joined: Thu Jul 28, 2005 3:51 pm

Ok

Postby syed » Wed May 10, 2006 3:55 pm


syed
Subedar Major
Posts: 439
Joined: Thu Jul 28, 2005 3:51 pm

ok

Postby syed » Mon May 15, 2006 2:28 pm



Return to “Security”

Who is online

Users browsing this forum: No registered users and 2 guests