[UFO Chicago] NAT in 2.6
d.w. harks
dave at psys.org
Tue Mar 1 22:13:48 CST 2005
With carefully-arranged electrons, Ian Bicking wrote:
> Hi UFOers. Long time no see. But I fear I come to you with ulterior
> motives.
>
> In some upgrade on my Debian Unstable box my 2.4 kernel broke with
> respect to my sound card, upsetting my otherwise happy world. After
> trying all sorts of things, I eventually got a 2.6 stock Debian kernel
> to work with the sound card. But then my NAT stopped working. I think
> that's all changed for 2.6, so maybe I just need to revisit it entirely.
> So I come to you!
>
> Right now I have a script in /etc/init.d/ipmasq, that just runs
> /usr/sbin/ipmasq, and I think by some magic I configured it at one time,
> though the stuff in /etc/ipmasq certainly isn't my doing. I don't want
> to do anything fancy, just simple NAT, not passing through any incoming
> connections, very simple. What's the best way to go about this? There
> seems to be a couple packages in Debian, and maybe more if I knew what
> the proper term was these days (like: did ipchains obsolete iptables, or
> the other way around?)
>
> So what do you recommend?
>
> Thanks...
You're looking for netfilter, the command-line for which is iptables.
NATting is done by adding rules to the new nat chain, like so:

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4

In short, add a rule that says "after all routing rules have completed, take
any packets going out on eth0 and change their source address to 1.2.3.4."

The rest is standard firewall stuff; block incoming packets, forward your
ports, etc.

Keep in mind that you might need to load a few modules that you didn't need
to load on 2.4 in order to make this work. That stuff's all in the netfilter
HOWTO on www.netfilter.org/documentation .

Good luck.

d
--
David W. Harks <dave at psys.org> http://www.pseudointellect.com
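
The setup discussed in this thread, as an added example that is not part of the original messages: the SNAT rule from the reply combined with forwarding rules that pass no incoming connections, which is what the question asked for. The inside interface eth1 and the function names are assumptions; eth0 and 1.2.3.4 are the sample values from the reply.

```sh
#!/bin/sh
# Added example: outbound-only NAT gateway built around the SNAT rule above.
# eth1 as the inside interface is an assumption; eth0 and 1.2.3.4 are the
# sample values from the post. Override any of them via the environment.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IP="${WAN_IP:-1.2.3.4}"

# Accept only plain interface names, so a value cannot add iptables options.
valid_if() {
    case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
valid_ip4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit the commands, in order: enable routing, drop forwarded traffic by
# default, let inside hosts open connections, let only replies back in,
# then rewrite the source address on the way out.
nat_rules() {
    valid_if "$WAN_IF" && valid_if "$LAN_IF" && valid_ip4 "$WAN_IP" || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j SNAT --to $WAN_IP
EOF
}

# Default is a dry run that prints the commands; APPLY=1 (as root) runs them.
rules=$(nat_rules) || { echo "invalid WAN_IF, LAN_IF or WAN_IP" >&2; exit 1; }
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```

The script leaves the gateway's own INPUT chain untouched, and because it appends rules it is meant to run once per boot.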