[ale] NAT And traffic redirection

Christopher Fowler cfowler at outpostsentinel.com
Thu Dec 7 12:10:18 EST 2006


I thought this trick would do it:

[cfowler@shuttle ~]$ ifconfig eth0; ifconfig eth0:1; ifconfig eth1
eth0      Link encap:Ethernet  HWaddr 00:30:1B:AE:AE:44
          inet addr:192.168.1.115  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::230:1bff:feae:ae44/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7480278 errors:1 dropped:0 overruns:0 frame:0
          TX packets:4884304 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:574520184 (547.9 MiB)  TX bytes:3194409527 (2.9 GiB)
          Interrupt:11 Base address:0xc000

eth0:1    Link encap:Ethernet  HWaddr 00:30:1B:AE:AE:44
          inet addr:192.168.1.116  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:11 Base address:0xc000

eth1      Link encap:Ethernet  HWaddr 00:30:F1:13:6D:FA
          inet addr:192.168.9.254  Bcast:192.168.9.255  Mask:255.255.255.0
          inet6 addr: fe80::230:f1ff:fe13:6dfa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:3397 (3.3 KiB)


[cfowler@shuttle ~]$ cat masq
#!/bin/sh

INSIDE=eth1

/sbin/iptables -F
/sbin/iptables -F -t nat
/sbin/iptables -t nat -A POSTROUTING -o ${INSIDE} -j MASQUERADE
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 0 -d 192.168.1.116 -j DNAT --to 192.168.9.5
/sbin/iptables -t nat -A PREROUTING -p udp --dport 0 -d 192.168.1.116 -j DNAT --to 192.168.9.5


Any attempt to ssh to 192.168.1.116 is going to my desktop, not the
server at 192.168.2.5.



On Thu, 2006-12-07 at 11:40 -0500, Christopher Fowler wrote:
> I have a Linux server at a remote location that is VPN'ed into our
> network.  Inside the VPN I've assigned it address 10.0.5.2.  I want to
> be able to access a Windows server at 192.168.7.8 that is behind that
> machine from my desktop here at home.  Is there a way I can tell that
> Linux server to send all TCP/UDP traffic that is destined to 10.0.5.3 to
> that Windows box at 192.168.7.8?  That Windows box would then see
> traffic as if it was coming from 192.168.7.2 which is the ethernet
> address of that Linux server.
> 
> In this case I need to access services on that windoze machine with
> clients on my desktop but routing to 192.168.7.0 is not possible.
> Someone told me I could assign another address to that Linux server and
> that could be the virtual address for NAT for that windows machine.
> 
> Chris
> 
> 
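
The redirect asked about in this thread, written out as an added example (it is not part of the original post or of any reply). It assumes the addresses and interface shown in the post; `redirect_vip` and the `IPT` dry-run variable are names made up for this example.

```shell
#!/bin/sh
# Added example. Dry-run by default: the commands are only printed.
# Run with IPT=/sbin/iptables (as root) to apply them instead.
IPT="${IPT:-echo /sbin/iptables}"

# redirect_vip VIP TARGET OUT_IF
#   VIP     alias address clients connect to   (192.168.1.116 in the post)
#   TARGET  real host behind the NAT box       (192.168.9.5 in the post)
#   OUT_IF  interface facing TARGET            (eth1 in the post)
redirect_vip() {
    vip=$1 target=$2 out_if=$3
    for proto in tcp udp; do
        # No --dport here, so every destination port matches.
        # "--dport 0" matches port 0 only; ssh (port 22) never hits it.
        $IPT -t nat -A PREROUTING -p "$proto" -d "$vip" \
            -j DNAT --to-destination "$target"
        # Packets generated on the NAT box itself do not pass through
        # PREROUTING; they traverse the nat OUTPUT chain.
        $IPT -t nat -A OUTPUT -p "$proto" -d "$vip" \
            -j DNAT --to-destination "$target"
    done
    # Source-NAT towards TARGET so it sees the NAT box's address on
    # OUT_IF and sends its replies back through the NAT box.
    $IPT -t nat -A POSTROUTING -o "$out_if" -d "$target" -j MASQUERADE
    # Allow the rewritten flows and their replies through the filter table.
    $IPT -A FORWARD -d "$target" -o "$out_if" -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

redirect_vip 192.168.1.116 192.168.9.5 eth1
# Forwarding must be enabled as well: sysctl -w net.ipv4.ip_forward=1
```

Review the printed commands first, then rerun with `IPT=/sbin/iptables` to install them.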