Author Topic: 1:1 NAT (Read 5352 times)

kumar · « **on:** February 27, 2008, 09:54:39 am »

I would like to translate multiple external IP's to Multiple internal Private IP's

I couldn't find 1:1 NAT configuration in EBox web interface..

I would like to know EBox is capable of doing one to one NAT..

please help me if it is possible where can i find configuration page....

thank you...

jcanfield · « **Reply #1 on:** February 27, 2008, 04:16:06 pm »

Iptables doesn't support virtual interfaces, so you can't create rules on the interfaces alias, however you will want to create the alias for the second address so iptables can manage the new address address properly.

Here's an example:

For aliases:
eth0:0 == 10.0.0.1
eth0:1 == 10.0.0.2 <--make sure you designate as external

Do this:
iptables -t nat -A PREROUTING -i eth0 -d 10.0.0.1 -j DNAT --to-destination 192.168.1.1
iptables -t nat -A PREROUTING -i eth0 -d 10.0.0.2 -j DNAT --to-destination 192.168.2.2

Note: I have not done this, but I'm very curious how this works for you. It should work "In theory"

Let me know,

-Jim

For more info:
http://www.netfilter.org/documentation/HOWTO//netfilter-double-nat-HOWTO.txt

kumar · « **Reply #2 on:** February 29, 2008, 06:36:32 am »

Hi Jim,

Thank you very much for the solution...

your solution solved 99% of my problem... now I am able to do one to one NAT...

where can I store these rules permanently.. means now if I reboot my Ebox NAT rules are getting deleted, because I entered from command line..

is there any way to store NAT rules permanently even after reboot also.. I can write a small script and put it in start-up scripts, but I am feeling that this is not right solution..

I hope you know the better solution than my solution, please help me..

Thanks for your help...

kumar..

sixstone · « **Reply #3 on:** February 29, 2008, 10:56:27 am »

You can make it permanently by appending to the sub start on Iptables.pm these two lines:

Code: [Select]

pf "-t nat -A PREROUTING -i eth0 -d 10.0.0.1 -j DNAT --to-destination 192.168.1.1"
pf "-t nat -A PREROUTING -i eth0 -d 10.0.0.2 -j DNAT --to-destination 192.168.2.2"

I hope this helps.

bunbury · « **Reply #4 on:** March 02, 2010, 05:27:19 pm »

yo hice lo que dicen aqui y no me funciono.

en realidad no es lo que quiero hacer porque aqui hablan de nat 1:1 y yo necesito hacer nat a diferentes servidores internos en la misma ip publica pero pues si por lo menos se podia 1:1 con eso me conformaba.

Tengo un enlace con 16 direcciones publicas y no logro hacer nat, si acaso puedo pero a la direccion ip de la tarjeta de red fisica.

osea que de las 16 solo puedo usar una, no se por que no puedo, con ebox logre hacer el nat a las diferentes ips pero ebox trae una parte donde asocias la direccion publica con la direccion interna a la que corresponde cosa que en ebox no se como hacerle, ya lei la documentacion pero pues asumen que solo tienes una ip publica al parecer.

ya no se que hacer, mi ultimo recurso es montar un ubuntu server e intentar hacer el gateway yo solo pero si se pudiera con ebox mejor, en lo particular me late el ebox pero no se que hacer para que funcione en mi caso.

Si alguno de ustedes pudiera ayudarme le estaria agradecido, si necesitan mas detalles solo diganme y les amplio la informacion, gracias de antemano

bunbury · « **Reply #5 on:** March 02, 2010, 05:28:48 pm »

jeje me equivoque en la parte donde puse que "con ebox pude hacer nat", quise decir untangle pero me confundi jeje gracias

Cookies usage

Author Topic: 1:1 NAT (Read 5352 times)

kumar

1:1 NAT

jcanfield

Re: 1:1 NAT

kumar

Re: 1:1 NAT

sixstone

Re: 1:1 NAT

bunbury

Re: 1:1 NAT

bunbury

Re: 1:1 NAT