Outbound NAT to a specific IP

Home Page Forums Network Management ZeroShell Outbound NAT to a specific IP

This topic contains 5 replies, has 0 voices, and was last updated by  ksrimoungchanh 4 years, 9 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #42789

    Hello all,

    Another question, can someone assist me in setting up a Source NAT address. I have several IP’s on ETH1 and have them forwarding certain ports in teh Virtual Server interface to inside host.

    now, I am needing traffic that initiates from those hosts to go out the same external address.

    Basically, 3 private host, needs to all go out 3 different external IP’s on ETH1.

    any help.. would this be Source Nating?

    Kou

    #51454

    777maxism
    Member

    If I understand correctly then this is what you need.
    Zahodish (Startup / Krohn) there choose section (NAT and Virtual Servers) and Enable section, insert the rules, change the value of their own, at the end restart Zeroshell.

    # incoming rules
    iptables -t nat -I PREROUTING 1 -d 9.9.9.1 -i ETH00.771 -j DNAT –to-destination 10.55.0.62
    iptables -t nat -I PREROUTING 1 -d 9.9.9.2 -i ETH00.771 -j DNAT –to-destination 10.55.0.57
    iptables -t nat -I PREROUTING 1 -d 9.9.9.3 -i ETH00.771 -j DNAT –to-destination 10.55.0.172

    # Outgoing rules
    iptables -t nat -I POSTROUTING 1 -s 10.55.0.62 -o ETH00.771 -j SNAT –to-source 9.9.9.1
    iptables -t nat -I POSTROUTING 1 -s 10.55.0.57 -o ETH00.771 -j SNAT –to-source 9.9.9.2
    iptables -t nat -I POSTROUTING 1 -s 10.55.0.172 -o ETH00.771 -j SNAT –to-source 9.9.9.3

    #51455

    777maxism
    Member

    Yes, I almost forgot in the beginning need to add IP address on an interface.

    ETH00 1000Mb/s Full Duplex
    Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10) UP
    VLAN: 771 (Inet_1)
    9.9.9.1 255.255.255.0
    9.9.9.2 255.255.255.0
    9.9.9.3 255.255.255.0

    In (Net Balancer) to prescribe rules for the Local IP and send them to the appropriate interface.
    * * MARK all opt — in * out * 10.55.0.62 -> 0.0.0.0/0 MARK set 0x68 Inet_1 (9.9.9.254)
    * * MARK all opt — in * out * 10.55.0.57 -> 0.0.0.0/0 MARK set 0x68 Inet_1 (9.9.9.254)
    * * MARK all opt — in * out * 10.55.0.172 -> 0.0.0.0/0 MARK set 0x68 Inet_1 (9.9.9.254)

    #51456

    Thank you for your guidance. I do have more questions to get clarification,

    1. in your examples, does ETH00.771 refer to the inside interface or outside?
    2. do I need to have both rules or can I just do the outgoing? I am not needing all the TCP/UDP to be forwarded. I already have it inbound setup already.

    Thanks again,

    Kou

    #51457

    777maxism
    Member

    up

    #51458

    ivfr
    Member

    I try to do source natting with Zeroshell 3.1 as well.

    As far as I can see, this is not possible to configure in the ui.
    I know to configure iptables on a normal Linux system, but I don’t understand the answer of 777maxism:

    What does mean

    Zahodish (Startup / Krohn)there choose section (NAT and Virtual Servers) and Enable section, insert the rules, change the value of their own, at the end restart Zeroshell.

    The first bold part I do not understand.

    #51459

    redfive
    Participant

    You can put your nat custom rules in “SYSTEM,Setup,Scripts/Cron, NAT and Virtual Servers script”, and then enable the script.
    Regards

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.