Mailinglist Archive: opensuse (2831 mails)

Re: [SLE] NAT (the solution)
  • From: Darryl Gregorash <raven@xxxxxxxxxxxxx>
  • Date: Fri, 07 Jul 2006 09:36:44 -0600
  • Message-id: <44AE7F8C.5010504@xxxxxxxxxxxxx>
On 07/07/06 08:56, Gerold van Dijk wrote:
>
> ----- Original Message ----- From: "Darryl Gregorash"
> <raven@xxxxxxxxxxxxx>
> To: <gerold@xxxxxxxxxxxx>
> Sent: Thursday, July 06, 2006 7:25 PM
> Subject: Re: [SLE] NAT
>
>
>> On 03/07/06 04:11, Darryl Gregorash wrote:
>>> On 02/07/06 17:07, Gerold van Dijk wrote:
>>>
>>>> I used YaST2 to configure 2 network interfaces under SuSE 10.0, to be
>>>> functioning as an Internet Gateway for my LAN.
>>>>
>>>> I enabled IP Forwarding, checked the IP addresses and the Firewall
>>>> settings, but it will NOT do the NAT job!
>>>>
>>>>
>>>>
>>> It doesn't work because you are not forwarding, you want to masquerade
>>> the internal network.
>>>
>>> Turn on FW_ROUTE and FW_MASQUERADE, set FW_MASQ_DEV (usually this will
>>> be set to $FW_DEV_EXT), and specify the subnets that are to be
>>> masqueraded in FW_MASQ_NETS, eg 192.168.1.0/24.
>>>
>>>
>>>
>> Did you get this problem resolved?
>>
>
> Yes I got it solved but I had to run a script (from with) in
>
> /etc/init.d/after.local
>
> with the following content
>
> echo '1' > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 207.253.5.78
>
> and I had to Disable/stop (Manually start) the standard Firewall in
> YaST2 and do a
>
> Reboot
>
If you really need this, then the best place to put your postrouting
command is in the fw_custom_before_denyall function within the custom
rules script (variable FW_CUSTOMRULES in the firewall configuration).
Also set FW_ROUTE to "yes" in Yast/sysconfig
editor/Network/Firewall/SuSEfirewall2 (this option overrides the
IP_FORWARD variable in Yast/sysconfig editor/Network/General).

However, I really do believe that what you are doing can be achieved by
simple IP masquerading, as I have outlined. The settings I mentioned
previously are all that I have ever used to allow an internal network to
communicate successfully with the internet.

--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx
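
Added example, not part of the original messages: a small audit of a SuSEfirewall2 sysconfig file (normally /etc/sysconfig/SuSEfirewall2) for the four masquerading settings named in the reply. The function names get_var and audit_masq and both sample files are constructed for illustration; eth1 and 192.168.1.0/24 are the values mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a SuSEfirewall2 sysconfig file
# for the four masquerading settings named in the reply.

# Read NAME="value" from a sysconfig-style file without sourcing it
# (the last assignment wins, as it would if the file were sourced).
get_var() {  # $1 = file, $2 = variable name
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print one line per missing setting; return 0 if all are present, else 1.
audit_masq() {  # $1 = path to the sysconfig file
    am_rc=0
    for am_v in FW_ROUTE FW_MASQUERADE; do
        if [ "$(get_var "$1" "$am_v")" != "yes" ]; then
            echo "$am_v is not \"yes\""; am_rc=1
        fi
    done
    for am_v in FW_MASQ_DEV FW_MASQ_NETS; do
        if [ -z "$(get_var "$1" "$am_v")" ]; then
            echo "$am_v is empty"; am_rc=1
        fi
    done
    return $am_rc
}

# Constructed sample files (hypothetical, not taken from the thread).
demo_dir=$(mktemp -d)
cat > "$demo_dir/forward_only" <<'EOF'
FW_DEV_EXT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="no"
FW_MASQ_DEV=""
FW_MASQ_NETS=""
EOF
cat > "$demo_dir/masquerade" <<'EOF'
FW_DEV_EXT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.1.0/24"
EOF

for demo_f in forward_only masquerade; do
    echo "== $demo_f"
    audit_masq "$demo_dir/$demo_f" && echo "masquerading settings complete"
done
```

With these settings in place the firewall stays enabled and builds the NAT rule itself, so the gateway keeps its packet filtering instead of relying on a lone iptables line in after.local.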