Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 262
  • Last Modified:

NAT configuration

Hi

We are a basic isp. One of our clients connects thru our server to the internet.  We run Linux Redhat 7.2.  They can browse and receive email, but they use our IP address.  Their ip address is 192.168.1.0 and our address is 196.7.87.2.  Which means that they can't ftp or ping other ip's besides ours.  How do I configure NAT to change there ip address to 196.7.87.3 which is within our ip range.  So when they dial to our server there ip gets changed from 192.168.1.0 to 196.7.87.3.
0
Illegaldragster
Asked:
Illegaldragster
1 Solution
 
TheAmigoCommented:
Is your RH 7.2 system acting as a router?  If it's passing all the packets, then you can NAT their packets by adding this:

iptables -A POSTROUTING -t nat -s 192.168.1.0 -j SNAT --to 196.7.87.3
iptables -A PREROUTING -t nat -d 196.7.87.3 -j DNAT --to 192.168.1.0

The first rule takes care of all their outbound packets.  The second rule allows other people on the internet to connect to them.
0
 
IllegaldragsterAuthor Commented:
Thank you for your answer.
But if I now ping 196.7.87.3 the host is unreachable. Is there anything else I need to change on my server to let that address be seen.  Is the no ip I need to change on the network card or something.
0
 
IllegaldragsterAuthor Commented:
TheAmigo the solution never worked. Anybody else got some ideas.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
_HAL_Commented:
Try to activate IP_FORWARDING on kernel.

Type: echo "1" > /proc/sys/net/ipv4/ip_forward

And add the following rule:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

(Replace eth0 by your "external interface")

Ping now from any host from 192.168.1.0 to 196.7.87.3
0
 
CleanupPingCommented:
Illegaldragster:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
IllegaldragsterAuthor Commented:
These comments did help in a way ,but I had to try a few other things aswell.  Thank you to everyone that contributed.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now