Different public source IPs from NAT’ed internal servers?


This topic contains 5 replies, has 0 voices, and was last updated by  jeffrhysjones 10 years, 6 months ago.

  • #41390

    I have a couple of servers NATed behind a zeroshell box using the Virtual Server feature.

    The ZeroShell box started off with a public IP of x.x.x.1

    Then I created two new IPs on the public ETH0 network (in my public range) so I could use the Virtual Server feature to forward HTTP from each public IP to either server:

    ETH 0

    ZeroShell box has a public IP of x.x.x.1
    Server A has a public IP of x.x.x.2
    Server B has a public IP of x.x.x.3

    ETH 1

    Server A has a NAT’ed internal IP of 192.168.0.2
    Server B has a NAT’ed internal IP of 192.168.0.3

    Virtual Server NATs this inbound fine. The problem is with outbound traffic.

    However, I can’t seem to find a configuration option to set the public IP of the server for outgoing traffic (SMTP for instance).

    Both Server A and Server B show their ‘External’ public IP as being that first IP that was added to the Zeroshell box – x.x.x.1

    Is there an easy way I can assign all traffic that goes from Server A 192.168.0.2 to appear that it is coming from x.x.x.2 and Server B 192.168.0.3 to appear that it’s come from x.x.x.3?

    Some sort of SNAT script in startup perhaps?

    Cheers,

    Jeff

    #47364

    Hi all – any takers on this one?

    I’m sure it’s some sort of SNAT switch / option / script but I just can’t find it.

    Many thanks in advance.

    Jeff

    #47365

    ppalias
    Member

    Hi,
    according to what you ask the rule

    iptables -t nat -A POSTROUTING --source 192.168.0.2 -j SNAT --to-source x.x.x.2

    should do the work for you.
    All you need is to place it on the appropriate line in iptables configuration.

    #47366

    Thanks for that – could you let me know the best place to put this where I can easily update / add more of these?

    I thought: > SETUP / Startup/Cron / NAT And Virtual Servers Script

    Am I also right that in here I just hit the ‘test’ button to reload the script – or do any changes only take place on restart?

    Cheers,

    Jeff

    #47367

    OK I have added the iptables line in to ‘NAT/Virtual Server Scripts’ – hit test & restarted the box also. However, when checking the external IP of the internal server on 192.168.0.2 – I’m still not getting the correct x.x.x.2 IP coming up – I’m still getting the first external IP which is x.x.x.1.

    From IPTABLES – this shows that the scripted rule is in there (see bold)

    Any ideas?

    Cheers,

    Jeff

    >>>>>>>>>>>>>>>>>>>>>>>>>

    Chain POSTROUTING (policy ACCEPT 6 packets, 698 bytes)
    pkts bytes target prot opt in out source destination
    303 21842 SNATVS all -- * * 0.0.0.0/0 0.0.0.0/0
    295 21051 MASQUERADE all -- * ETH00 0.0.0.0/0 0.0.0.0/0
    0 0 MASQUERADE all -- * ETH02.252 0.0.0.0/0 0.0.0.0/0
    0 0 MASQUERADE all -- * ETH02.253 0.0.0.0/0 0.0.0.0/0
    0 0 SNAT all -- * * 192.168.0.2 0.0.0.0/0 to:x.x.x.2
    8 791 OpenVPN all -- * * 0.0.0.0/0 0.0.0.0/0

    #47368

    Aha – I had MASQUERADE on – took it off the ETH0 interface, and this seems to work now!

    Jeff

    #47369

    imported_fulvio
    Participant

    The problem is that the sequence is not correct. If you use the iptables command with the -A switch, the rule is appended to the POSTROUTING chain. You should use the -I switch instead, with which you can specify the position where to insert the rule. In other words, try to replace

    iptables -t nat -A POSTROUTING --source 192.168.0.2 -j SNAT --to-source x.x.x.2

    with

    iptables -t nat -I POSTROUTING 2 --source 192.168.0.2 -j SNAT --to-source x.x.x.2

    Regards
    Fulvio
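
The rule-order point in the reply above, as an added example that is not part of the original thread: a first-match check over rules in `iptables -t nat -S POSTROUTING` format, showing why the appended SNAT rule stayed at 0 packets. The function name, the two constructed rule sets and the address 192.0.2.2 (standing in for x.x.x.2) are assumptions made for illustration.

```shell
# Added example. Reads rules in `iptables -t nat -S POSTROUTING` format on stdin
# and prints "<position> <target> [to-source]" for the first NAT rule a packet
# from SRC leaving via OUTIF would hit.
# Assumptions: sources are single hosts (/32) or omitted, and jumps to
# user-defined chains (SNATVS, OpenVPN) do not match the packet.
first_nat_match() {
    awk -v src="$1" -v outif="$2" '
    $1 == "-A" {
        pos++    # same numbering that -I POSTROUTING <n> uses
        s = ""; o = ""; target = ""; to = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") s = $(i + 1)
            if ($i == "-o") o = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--to-source") to = $(i + 1)
        }
        sub(/\/32$/, "", s)
        if (target != "SNAT" && target != "MASQUERADE") next
        if (s != "" && s != src) next
        if (o != "" && o != outif) next
        printf "%d %s%s\n", pos, target, (to != "" ? " " to : "")
        exit
    }'
}

# Constructed, simplified rule set: SNAT added with -A lands after MASQUERADE.
appended_rules() {
cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -j SNATVS
-A POSTROUTING -o ETH00 -j MASQUERADE
-A POSTROUTING -s 192.168.0.2/32 -j SNAT --to-source 192.0.2.2
-A POSTROUTING -j OpenVPN
EOF
}

# Constructed: the same chain after `-I POSTROUTING 2`.
inserted_rules() {
cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -j SNATVS
-A POSTROUTING -s 192.168.0.2/32 -j SNAT --to-source 192.0.2.2
-A POSTROUTING -o ETH00 -j MASQUERADE
-A POSTROUTING -j OpenVPN
EOF
}

appended_rules | first_nat_match 192.168.0.2 ETH00   # 2 MASQUERADE
inserted_rules | first_nat_match 192.168.0.2 ETH00   # 2 SNAT 192.0.2.2
```

On a live box, feed it `iptables -t nat -S POSTROUTING` and compare the result with the packet counters in `iptables -t nat -L POSTROUTING -v -n`.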
