Computer networks
Denis Sechin, 2018-05-31 09:47:09

NAT depending on dst IP?

Good afternoon. There is an Ubuntu router setup with 2 vlans; a local subnet in vlan2 will be connected to the Internet through its white IP. Now we need to provide access to an internal resource that is not available from outside. That is, a vlan was extended to the router, through the gateway of which the internal resource is available. But it is available only from the IP that is set in this vlan on the Ubuntu router. And it turns out that you need to hook everyone up to this IP in the vlan, so that the LAN in vlan2 gets access to the internal resource. The question is how to make it so that, with this resource as dst, traffic would be flooded through the IP in the vlan, and with any other dst, it would be flooded to the Internet through the white IP?


2 answer(s)
Maxim Grishin, 2018-05-31
@vesper-bot

iptables -t nat -A POSTROUTING -s vlan1net/24 -d resource -j SNAT --to-source=router-ip

Where: vlan1net is the subnet that needs access to that resource; resource - its IP address (gray!); router-ip - IP from which the resource is available.
Of course, the rule should work before the general nat rules for the vlan1net subnet.

Denis Sechin, 2018-05-31
@tamogavk

Hi, this rule was there:
2124 95416 SNAT all -- * * 0.0.0.0/0 10.218.20.10 to:172.16.0.25
107 36970 SNAT all -- * * 172.16.1.0/24 !10.218.20.10 to:91.202.** *.****
10.218.20.10 is a resource, and 172.16.0.25 is an IP address on the router from which this resource is available.
172.16.1.0/24 is the network in vlan1.
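
The rule-ordering point from the first answer, applied to the two rules listed above, as an added example that is not part of either post: a small first-match model of the nat POSTROUTING chain. The function name, the host 172.16.1.50, and 203.0.113.1 (a placeholder for the masked white address) are assumptions made for the illustration.

```python
import ipaddress

# Each rule: (source match, destination match, negate destination, SNAT address).
# Mirrors the two POSTROUTING rules listed in the thread; 203.0.113.1 is a
# constructed placeholder for the masked public ("white") address.
RULES_RESOURCE_FIRST = [
    ("0.0.0.0/0", "10.218.20.10/32", False, "172.16.0.25"),
    ("172.16.1.0/24", "10.218.20.10/32", True, "203.0.113.1"),
]

# Constructed counter-case: a general rule without the "!" exclusion, placed first.
RULES_GENERAL_FIRST = [
    ("172.16.1.0/24", "0.0.0.0/0", False, "203.0.113.1"),
    ("0.0.0.0/0", "10.218.20.10/32", False, "172.16.0.25"),
]


def snat_source(rules, src, dst):
    """Return the packet's source address after the chain, first match wins."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for src_net, dst_net, negate_dst, to_source in rules:
        if src_ip not in ipaddress.ip_network(src_net):
            continue
        dst_hit = dst_ip in ipaddress.ip_network(dst_net)
        if dst_hit != negate_dst:
            # SNAT is a terminating target: later rules are not evaluated.
            return to_source
    return src  # no rule matched, the packet leaves untranslated


if __name__ == "__main__":
    cases = (("resource rule first", RULES_RESOURCE_FIRST),
             ("general rule first", RULES_GENERAL_FIRST))
    for name, rules in cases:
        for dst in ("10.218.20.10", "8.8.8.8"):
            # 172.16.1.50 is a constructed host in the vlan1 network.
            print(name, dst, "->", snat_source(rules, "172.16.1.50", dst))
```

The first listed rule matches source 0.0.0.0/0, so any forwarded source reaching 10.218.20.10 is translated to 172.16.0.25, not only 172.16.1.0/24 as in the `-s vlan1net/24` form of the answer.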
