----- Original Message -----
From: "Darryl Gregorash" <raven@accesscomm.ca>
To: <gerold@sicon-sr.com>
Sent: Thursday, July 06, 2006 7:25 PM
Subject: Re: [SLE] NAT
On 03/07/06 04:11, Darryl Gregorash wrote:
On 02/07/06 17:07, Gerold van Dijk wrote:
I used YaST2 to configure 2 network interfaces under SuSE 10.0, to be functioning as an Internet Gateway for my LAN.
I enabled IP Forwarding, checked the IP addresses and the Firewall settings, but it will NOT do the NAT job!
It doesn't work because you are not forwarding, you want to masquerade the internal network.
Turn on FW_ROUTE and FW_MASQUERADE, set FW_MASQ_DEV (usually this will be set to $FW_DEV_EXT), and specify the subnets that are to be masqueraded in FW_MASQ_NETS, eg 192.168.1.0/24.
Did you get this problem resolved?
Yes I got it solved but I had to run a script (from with) in
/etc/init.d/after.local
with the following content

echo '1' > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 207.253.5.78

and I had to Disable/stop (Manually start) the standard Firewall in YaST2 and do a Reboot

Gerold

--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com
On 07/07/06 08:56, Gerold van Dijk wrote:
----- Original Message -----
From: "Darryl Gregorash" <raven@accesscomm.ca>
To: <gerold@sicon-sr.com>
Sent: Thursday, July 06, 2006 7:25 PM
Subject: Re: [SLE] NAT
On 03/07/06 04:11, Darryl Gregorash wrote:
On 02/07/06 17:07, Gerold van Dijk wrote:
I used YaST2 to configure 2 network interfaces under SuSE 10.0, to be functioning as an Internet Gateway for my LAN.
I enabled IP Forwarding, checked the IP addresses and the Firewall settings, but it will NOT do the NAT job!
It doesn't work because you are not forwarding, you want to masquerade the internal network.
Turn on FW_ROUTE and FW_MASQUERADE, set FW_MASQ_DEV (usually this will be set to $FW_DEV_EXT), and specify the subnets that are to be masqueraded in FW_MASQ_NETS, eg 192.168.1.0/24.
Did you get this problem resolved?
Yes I got it solved but I had to run a script (from with) in
/etc/init.d/after.local
with the following content
echo '1' > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 207.253.5.78
and I had to Disable/stop (Manually start) the standard Firewall in YaST2 and do a
Reboot
If you really need this, then the best place to put your postrouting command is in the fw_custom_before_denyall function within the custom rules script (variable FW_CUSTOMRULES in the firewall configuration). Also set FW_ROUTE to "yes" in Yast/sysconfig editor/Network/Firewall/SuSEfirewall2 (this option overrides the IP_FORWARD variable in Yast/sysconfig editor/Network/General).

However, I really do believe that what you are doing can be achieved by simple IP masquerading, as I have outlined. The settings I mentioned previously are all that I have ever used to allow an internal network to communicate successfully with the internet.
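An added example, not from either poster: a POSIX shell check that takes the kernel forwarding flag and an `iptables-save` dump and reports which nat POSTROUTING rules rewrite the source address on the external interface, and whether each is limited to a source subnet (the restriction FW_MASQ_NETS expresses). The function names and both rule dumps are constructed for illustration; eth1, 207.253.5.78 and 192.168.1.0/24 are the values quoted in the thread.

```shell
#!/bin/sh
# Added example: audit the two settings the thread is about.

# True when the value read from /proc/sys/net/ipv4/ip_forward is 1.
forwarding_enabled() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# audit_nat DUMP DEV
# For each nat-table POSTROUTING rule in an iptables-save DUMP that rewrites
# the source address (SNAT or MASQUERADE) on output device DEV, print
# "<target> <source-subnet>", or "<target> any-source" when no -s is given.
audit_nat() {
    printf '%s\n' "$1" | awk -v dev="$2" '
        /^\*/ { table = substr($1, 2); next }   # table header such as *nat
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (out != dev) next
            if (target != "SNAT" && target != "MASQUERADE") next
            print target, (src == "" ? "any-source" : src)
        }'
}

# Constructed dump: the rule from the after.local script in the thread.
MANUAL_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j SNAT --to-source 207.253.5.78
COMMIT'

# Constructed dump: masquerading limited to the subnet named in the thread.
MASQ_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
COMMIT'

echo "manual rule: $(audit_nat "$MANUAL_RULES" eth1)"
echo "masquerade:  $(audit_nat "$MASQ_RULES" eth1)"
# On a live gateway (needs root):
#   audit_nat "$(iptables-save -t nat)" eth1
#   forwarding_enabled "$(cat /proc/sys/net/ipv4/ip_forward)" && echo forwarding on
```

A rule reported as any-source applies to every packet routed out that interface, not only to traffic from the LAN subnet.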