www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

Outbound NAT to a specific IP

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
ksrimoungchanh



Joined: 12 Mar 2009
Posts: 22

PostPosted: Wed Dec 15, 2010 7:26 pm    Post subject: Outbound NAT to a specific IP Reply with quote

Hello all,

Another question, can someone assist me in setting up a Source NAT address. I have several IP's on ETH1 and have them forwarding certain ports in teh Virtual Server interface to inside host.

now, I am needing traffic that initiates from those hosts to go out the same external address.

Basically, 3 private host, needs to all go out 3 different external IP's on ETH1.

any help.. would this be Source Nating?

Kou
Back to top
View user's profile Send private message
777maxism



Joined: 19 May 2010
Posts: 24

PostPosted: Wed Dec 15, 2010 9:23 pm    Post subject: Reply with quote

If I understand correctly then this is what you need.
Zahodish (Startup / Krohn) there choose section (NAT and Virtual Servers) and Enable section, insert the rules, change the value of their own, at the end restart Zeroshell.


# incoming rules
iptables -t nat -I PREROUTING 1 -d 9.9.9.1 -i ETH00.771 -j DNAT --to-destination 10.55.0.62
iptables -t nat -I PREROUTING 1 -d 9.9.9.2 -i ETH00.771 -j DNAT --to-destination 10.55.0.57
iptables -t nat -I PREROUTING 1 -d 9.9.9.3 -i ETH00.771 -j DNAT --to-destination 10.55.0.172


# Outgoing rules
iptables -t nat -I POSTROUTING 1 -s 10.55.0.62 -o ETH00.771 -j SNAT --to-source 9.9.9.1
iptables -t nat -I POSTROUTING 1 -s 10.55.0.57 -o ETH00.771 -j SNAT --to-source 9.9.9.2
iptables -t nat -I POSTROUTING 1 -s 10.55.0.172 -o ETH00.771 -j SNAT --to-source 9.9.9.3
Back to top
View user's profile Send private message
777maxism



Joined: 19 May 2010
Posts: 24

PostPosted: Wed Dec 15, 2010 9:45 pm    Post subject: Reply with quote

Yes, I almost forgot in the beginning need to add IP address on an interface.

ETH00 1000Mb/s Full Duplex
Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10) UP
VLAN: 771 (Inet_1)
9.9.9.1 255.255.255.0
9.9.9.2 255.255.255.0
9.9.9.3 255.255.255.0

In (Net Balancer) to prescribe rules for the Local IP and send them to the appropriate interface.
* * MARK all opt -- in * out * 10.55.0.62 -> 0.0.0.0/0 MARK set 0x68 Inet_1 (9.9.9.254)
* * MARK all opt -- in * out * 10.55.0.57 -> 0.0.0.0/0 MARK set 0x68 Inet_1 (9.9.9.254)
* * MARK all opt -- in * out * 10.55.0.172 -> 0.0.0.0/0 MARK set 0x68 Inet_1 (9.9.9.254)
Back to top
View user's profile Send private message
ksrimoungchanh



Joined: 12 Mar 2009
Posts: 22

PostPosted: Wed Dec 15, 2010 9:46 pm    Post subject: Clarification Reply with quote

Thank you for your guidance. I do have more questions to get clarification,

1. in your examples, does ETH00.771 refer to the inside interface or outside?
2. do I need to have both rules or can I just do the outgoing? I am not needing all the TCP/UDP to be forwarded. I already have it inbound setup already.

Thanks again,

Kou
Back to top
View user's profile Send private message
777maxism



Joined: 19 May 2010
Posts: 24

PostPosted: Wed Dec 15, 2010 9:49 pm    Post subject: Reply with quote

up
Back to top
View user's profile Send private message
ivfr



Joined: 28 Oct 2014
Posts: 1

PostPosted: Tue Oct 28, 2014 3:08 pm    Post subject: Reply with quote

I try to do source natting with Zeroshell 3.1 as well.

As far as I can see, this is not possible to configure in the ui.
I know to configure iptables on a normal Linux system, but I don't understand the answer of 777maxism:

What does mean
Quote:
Zahodish (Startup / Krohn)there choose section (NAT and Virtual Servers) and Enable section, insert the rules, change the value of their own, at the end restart Zeroshell.

The first bold part I do not understand.
Back to top
View user's profile Send private message
redfive



Joined: 27 Aug 2009
Posts: 232

PostPosted: Tue Oct 28, 2014 6:54 pm    Post subject: Reply with quote

You can put your nat custom rules in "SYSTEM,Setup,Scripts/Cron, NAT and Virtual Servers script", and then enable the script.
Regards
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group