Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Daniel Newman2012-09-10 07:23:08
linux
Daniel Newman, 2012-09-10 07:23:08

How to configure iptables to go from local to global?

There is one public IP and a network of virtual machines on Debian

# network interface settings
auto lo
iface lo inet loopback

# device: eth0
auto  eth0
iface eth0 inet static
    address   175.219.59.209
    gateway   175.219.59.193
    netmask   255.255.255.224
    post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

And here is my network in two configuration options:
auto vmbr0
iface vmbr0 inet static
    address   10.10.0.1
    netmask   255.255.0.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up ip route add 10.10.0.1/24 dev vmbr0

Here I can afford to go to the Internet, update packages and other joys of a sinful life,
but I don’t see my neighbors on the 10.10.11.0/24 network point-blank (all requests go to the Internet)

But in this option I can communicate wonderfully with neighboring machines 10.10.11.0/24 but no
internet:
auto vmbr1
iface vmbr1 inet static
    address   10.10.0.1
    netmask   255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING  -s '10.10.0.0/24' -o vmbr1 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.0.0/24' -o vmbr1 -j MASQUERADE

Here's a rule made up sometime between 5 and 6 AM/AM:
iptables -t nat -A POSTROUTING ! -d '10.10.11.0/24' -j SNAT --to-source '175.219.59.209'

It describes my inner impulse to send all packets with addresses outside the 10.10.11.0/24 network through NAT to eth0.

And how to do it right?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
R
Ruma7a, 2012-09-10
@Ruma7a

What kind of virtual machine do you have there? Some kind of hypervisor?
Is this the adapter configuration on the gateway? What you wanted to do in the last rule is correctly done:
* enable NAT on the host:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

where eth0 is a network card that looks to the Internet
* by enabling forwarding on the host
sysctl -p net.ipv4.ip_forward="1"

* specifying the gateway (gateway) in the client's network adapter configuration:
auto  eth0
iface eth0 inet static
    address   10.10.0.2
    gateway   10.10.0.1
    netmask   255.255.255.0

Report
G
Gregory, 2012-09-10
@gvas_ru

All outgoing packets from interface eth0:
$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 175.219.59.209
Don't forget:
If the interface MTUs don't match:
$IPTABLES -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Similar questions
A
Anton Kurilov2017-08-08 15:38:07
How to move one flexbox? 3Reply
V
Vasiliy_M2018-01-17 10:24:07
Do I need to specify vendor_name/package_name when creating a package? 1Reply
N
Nikita Andreevich2019-12-27 15:16:53
Why do browsers and VSCode slow down? 1Reply
K
Khaybulla Musaev2015-08-23 01:41:39
Document_root on the /home/username/srv folder persistently produces a 403 error. What am I doing wrong? 4Reply
S
Sergey2015-08-23 21:07:04
How to remove a space from the beginning of a string in a bash variable? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question