Special Forums IP Networking howto start with gateway / router / masquerading Post 302341869 by gratuitous_arp on Thursday 6th of August 2009 07:54:36 PM
Santiago,

Masquerading is a form of network address translation (NAT). Outside of iptables, masquerading is also commonly called port address translation (PAT). Any packet which leaves a particular interface of the router will have its IP header modified to use the source IP address of the exit interface used on the router. Try looking up PAT on Wikipedia for a good description.

With your configuration of iptables, any packet leaving any interface on the router should take on the address of the interface which it left. I would think hosts on both of the 172 networks would have problems with reply traffic from hosts on different networks, and nodes on the 192 network would not be able to access hosts on the 172 network but would be able to reach the Internet.

As an example, suppose a PC on the 172.16.70.0 network pings the PC on the 192 network.

When the packet hits the router and is routed to the 192 network, the packet is NATed, and its source IP address changes to 192.168.1.224. The PC on the 192 network gets the ping, and replies to it normally (with a destination IP address of 192.168.1.224).

The router forwards the packet back to the ping originator on the 172 network, but masquerades the source IP address to 172.16.70.254 as it sends it out that interface. The PC on the 172 network is waiting for a reply from 192.168.1.32 -- getting an echo reply from 172.16.70.254 would sound like bogus traffic. Thus, it never receives a reply from the 192 node and you get an error message.

Unless my thinking is fuzzy or iptables is doing something else behind the scenes, it would sound like you only want to masquerade for traffic going out of the 192 interface of the router. Try it out and see if it works as it is. If not, you can tell iptables to only masquerade for traffic leaving the 192 interface by using the '-o <INTERFACE NAME>' option within the iptables command string you posted earlier.
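The reply above recommends scoping MASQUERADE to the interface that actually needs it. A practical way to check an existing router for an over-broad rule is to audit the nat table as dumped by `iptables-save`. The following is an added example written for this page, not code from the thread or from the iptables project; the dump text is constructed, and the interface names (eth0 as the Internet-facing side, eth1/eth2 for the two 172.16 LANs) are assumptions. Keeping masquerading off the LAN-to-LAN paths also preserves the real source addresses that internal hosts see, which matters for logging and any per-host filtering on those hosts.

```python
import re

# Constructed sample of an `iptables-save` nat-table dump for a router whose
# single MASQUERADE rule is not restricted to an output interface. Interface
# names (eth0 = Internet-facing, eth1/eth2 = the 172.16 LANs) are assumptions.
SAMPLE_NAT_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
"""

# A POSTROUTING rule whose target is MASQUERADE; the match portion is captured.
MASQ_RULE = re.compile(r"^-A POSTROUTING(?P<match>.*?)\s-j MASQUERADE\b")
# An output-interface match, with optional '!' negation.
OUT_IFACE = re.compile(r"(?P<neg>!\s+)?-o\s+(?P<iface>\S+)")


def audit_masquerade(dump, wan_iface):
    """Return (rule, problem) pairs for every POSTROUTING MASQUERADE rule in
    `dump` that is not limited to packets leaving `wan_iface`."""
    findings = []
    for line in dump.splitlines():
        m = MASQ_RULE.match(line)
        if not m:
            continue
        out = OUT_IFACE.search(m.group("match"))
        if out is None:
            findings.append((line, "no -o match: traffic leaving every interface, "
                                   "including the LAN-to-LAN paths, is rewritten"))
        elif out.group("neg"):
            findings.append((line, f"negated -o: masquerades on all interfaces "
                                   f"except {out.group('iface')}"))
        elif out.group("iface") != wan_iface:
            findings.append((line, f"scoped to {out.group('iface')}, not the "
                                   f"Internet-facing {wan_iface}"))
    return findings


def scoped_rule(wan_iface):
    """The corrected rule: only packets leaving the Internet-facing interface
    take on its source address."""
    return f"-A POSTROUTING -o {wan_iface} -j MASQUERADE"


def rewrite_dump(dump, wan_iface):
    """Replace each flagged MASQUERADE rule with the scoped one and return the
    new dump text, suitable for review and then `iptables-restore`."""
    flagged = {rule for rule, _ in audit_masquerade(dump, wan_iface)}
    new_lines = [scoped_rule(wan_iface) if line in flagged else line
                 for line in dump.splitlines()]
    return "\n".join(new_lines) + "\n"


if __name__ == "__main__":
    for rule, problem in audit_masquerade(SAMPLE_NAT_DUMP, "eth0"):
        print(f"{rule}\n    -> {problem}")
    print(rewrite_dump(SAMPLE_NAT_DUMP, "eth0"))
```

Run it against `iptables-save -t nat` output on the router; a rule without `-o`, or with a negated `! -o`, is the over-broad case the reply describes, and `rewrite_dump` shows the single-interface form to put in its place.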
 

gateways(4)                     Kernel Interfaces Manual                     gateways(4)

NAME
       gateways - Specifies Internet routing information to the routed daemon

SYNOPSIS
       /etc/gateways

DESCRIPTION
       The /etc/gateways file identifies gateways for the routed daemon. Ordinarily, the routed daemon queries the network and builds routing tables. The routed daemon builds the tables from routing information transmitted by other hosts directly connected to the network. However, there may be gateways that this command cannot identify through its queries. These unidentified gateways are known as distant gateways. Such gateways should be identified in the /etc/gateways file, which the routed daemon reads when it starts.

       The general format of an entry in the /etc/gateways file is:

              Destination Name1 gateway Name2 metric Value Type

       The following is a brief description of each element in an /etc/gateways file entry:

       Destination
              A keyword that indicates whether the route is to a network or to a specific host. The two possible keywords are net and host.

       Name1
              The name associated with Destination. Name1 can be either a symbolic name (as used in the /etc/hosts or /etc/networks file) or an Internet address specified in dotted-decimal format.

       gateway
              An indicator that the following string identifies the gateway host.

       Name2
              The name or address of the gateway host to which messages should be forwarded.

       metric
              An indicator that the next string represents the hop count to the destination host or network.

       Value
              The hop count, or number of gateways, from the local network to the destination network.

       Type
              A keyword that indicates whether the gateway should be treated as active, passive, or external. The three possible keywords are as follows:

              active
                     An active gateway is treated like a network interface. That is, it is expected to exchange RIP (Routing Information Protocol) routing information. Information about it is maintained in the internal routing tables as long as it is active and is included in any routing information that is transmitted through RIP. If it does not respond for a period of time, the route associated with it is deleted from the internal routing tables.

              passive
                     A passive gateway is not expected to exchange RIP routing information. Information about it is maintained in the routing tables indefinitely and is included in any routing information that is transmitted through RIP.

              external
                     An external gateway is identified to inform the routed daemon that another routing process will install such a route and that alternative routes to that destination should not be installed. Information about external gateways is not maintained in the internal routing tables and is not transmitted through RIP. Note that these routes must be to networks.

EXAMPLES
       To specify a route to a network through a gateway host with an entry in the gateways file, enter:

              net net2 gateway host4 metric 4 passive

       This example specifies a route to a network, net2, through the gateway host4. The hop count metric to net2 is 4, and the gateway is treated as passive.

       To specify a route to a host through a gateway host with an entry in the gateways file, enter:

              host host2 gateway host4 metric 4 passive

       This example specifies a route to a host, host2, through the gateway host4. The hop count metric to host2 is 4, and the gateway is treated as passive.

       To specify a route to a host through an active Internet gateway with an entry in the gateways file, enter:

              host host10 gateway 192.100.11.5 metric 9 active

       This example specifies a route to a specific host, host10, through the gateway 192.100.11.5. The hop count metric to host10 is 9 and the gateway is treated as active.

       To specify a route to a host through a passive Internet gateway with an entry in the gateways file, enter:

              host host10 gateway 192.100.11.5 metric 9 passive

       This example specifies a route to a specific host, host10, through the gateway 192.100.11.5. The hop count metric to host10 is 9 and the gateway is treated as passive.

       To specify a route to a network through an external gateway, enter a line in the following format:

              net net5 gateway host7 metric 11 external

       This example specifies a route to a network, net5, through the gateway host7. The hop count metric to net5 is 11 and the gateway is treated as external (that is, it is not advertised through RIP, but is advertised through an unspecified routing protocol).

RELATED INFORMATION
       Daemons: gated(8), routed(8)

                                                                             gateways(4)
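The entry format above is simple enough to validate before routed reads it, which catches a mistyped keyword, a non-numeric metric, or an external entry pointing at a host (the manual states external routes must be to networks) before a bad route is installed. The following parser is an added example written for this page, not code from the routed daemon or its manual; the sample file contents are constructed from the EXAMPLES entries plus two deliberately invalid lines, and treating `#` as a comment marker is an assumption.

```python
from ipaddress import ip_address

# Constructed sample /etc/gateways contents: the manual's own example entries
# plus two invalid lines (an external host route and a non-numeric metric).
SAMPLE_GATEWAYS = """\
# distant gateways for routed (comment handling is an assumption)
net net2 gateway host4 metric 4 passive
host host2 gateway host4 metric 4 passive
host host10 gateway 192.100.11.5 metric 9 active
net net5 gateway host7 metric 11 external
host host3 gateway host7 metric 2 external
net net6 gateway host8 metric many passive
"""

DEST_KEYWORDS = {"net", "host"}
TYPE_KEYWORDS = {"active", "passive", "external"}


def _is_address(token):
    """True when the gateway field is a dotted-decimal address rather than a name."""
    try:
        ip_address(token)
        return True
    except ValueError:
        return False


def parse_entry(line):
    """Parse one entry of the form
        Destination Name1 gateway Name2 metric Value Type
    and return a dict, or raise ValueError describing the defect."""
    fields = line.split()
    if len(fields) != 7 or fields[2] != "gateway" or fields[4] != "metric":
        raise ValueError(f"expected 'net|host NAME gateway NAME metric N TYPE', got {line!r}")
    dest, name1, _, name2, _, value, rtype = fields
    if dest not in DEST_KEYWORDS:
        raise ValueError(f"destination keyword must be net or host, got {dest!r}")
    if rtype not in TYPE_KEYWORDS:
        raise ValueError(f"type must be active, passive or external, got {rtype!r}")
    if not value.isdigit():
        raise ValueError(f"metric must be a hop count, got {value!r}")
    # The manual: external gateway routes must be to networks, not hosts.
    if rtype == "external" and dest != "net":
        raise ValueError("external gateways may only be used for net routes")
    return {"dest": dest, "name": name1, "gateway": name2,
            "metric": int(value), "type": rtype,
            "gateway_is_address": _is_address(name2)}


def parse_gateways(text):
    """Parse a whole file; return (entries, errors), errors as (lineno, message)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' comments: an assumption
        if not line:
            continue
        try:
            entries.append(parse_entry(line))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return entries, errors


def advertised_via_rip(entries):
    """Destinations routed would include in RIP updates: active and passive
    gateways are advertised, external ones are not."""
    return [e["name"] for e in entries if e["type"] != "external"]


if __name__ == "__main__":
    entries, errors = parse_gateways(SAMPLE_GATEWAYS)
    for e in entries:
        print(f"{e['dest']:4} {e['name']:8} via {e['gateway']:14} metric {e['metric']:2} {e['type']}")
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
    print("advertised via RIP:", advertised_via_rip(entries))
```

Run it with the real file's contents in place of the sample; any line reported under errors is one routed would either reject or, in the external-host case, install with a meaning the manual does not define.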