Talk 09-07-2002 iptables
From CLUG Wiki
Warwick Duncan did most of the talking at this meeting. Abz just talked about the concept of private IP ranges and how to do network address translation (NAT). As mentioned in the talk, it all boils down to:
Source NAT
# Change source addresses to 1.2.3.4.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4

# Change source addresses to 1.2.3.4, 1.2.3.5 or 1.2.3.6.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4-1.2.3.6

# Change source addresses to 1.2.3.4, ports 1-1023
iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to 1.2.3.4:1-1023

# Masquerade everything out ppp0. You don't need to specify source
# address, connections are forgotten when link goes down.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Destination NAT
# Send incoming port-80 web traffic to our squid (transparent) proxy
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
If you want to list the NAT rules which you have added, you just use this command:
iptables -L -n -t nat
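The masquerade and transparent-proxy rules above, written out as one iptables-restore ruleset so that they load in a single commit. This is an added example, not part of the talk; the function names and the input checks are assumptions.

```sh
#!/bin/sh
# Added example. ppp0, eth1 and 3128 are the talk's sample values; the
# function names are hypothetical.

# Interface name: 1-15 chars from [A-Za-z0-9._-], so no spaces or newlines
# can smuggle extra options or rule lines into the ruleset.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# TCP port: decimal 1-65535, no leading zero.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# nat_ruleset WAN_IF LAN_IF PROXY_PORT
# Prints a complete nat table in iptables-restore format.
nat_ruleset() {
    valid_iface "$1" && valid_iface "$2" && valid_port "$3" || {
        echo "usage: nat_ruleset WAN_IF LAN_IF PROXY_PORT" >&2
        return 2
    }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $2 -p tcp --dport 80 -j REDIRECT --to-port $3
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the talk's interfaces. As root, pipe it into
# "iptables-restore --test" to parse it without committing, then into
# "iptables-restore" to load it; a plain load replaces the existing nat table.
nat_ruleset ppp0 eth1 3128
```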
Stolen from http://oasis.frogfoot.net/clug/
