vixtro
asked on
Ranged 1:1 NAT with iptables
I currently have two networks that I need to be able to talk to each other via a 1:1 NAT situation. I have a CentOS machine running iptables with a nic on each network, and would like to NAT a range of IP addresses between the two networks.
Even if it's a manual process rather than a couple of ranged commands, that's okay - I'm just struggling to get this working.
Basically, I'm trying to NAT 10.0.0.x/24 <--> 172.16.0.x/24
IPTables machine:
eth0: 10.0.0.252/255.255.255.0
eth1: 172.16.0.252/255.255.255.0
Computer A: 10.0.0.8/255.255.255.0
Computer B: 172.16.0.9/255.255.255.0
From computer A, I would like to be able to ping 10.0.0.9 and that be mapped to computer B's IP, 172.16.0.9, and vice versa. If computer B pings 172.16.0.8, that should be mapped to computer A @ 10.0.0.8.
Is this possible with iptables to begin with, and what's the best way of going about this?
TIA
ASKER CERTIFIED SOLUTION
Sorry for that - it was a typo.
I'm glad that you got it working.
ASKER
Your post got me 99% of the way there, although I did have to change one thing along the way.
iptables -t nat -A POSTROUTING -s 10.0.0.8 -j DNAT --to-source 172.16.0.8
iptables -t nat -A POSTROUTING -s 172.16.0.9 -j DNAT --to-source 10.0.0.9
These two lines caused issues - I kept getting "Unknown arg --to-source", which makes sense as it's trying to do a DNAT to a source. So, I changed DNAT to SNAT so the lines read
iptables -t nat -A POSTROUTING -s 10.0.0.8 -j SNAT --to-source 172.16.0.8
iptables -t nat -A POSTROUTING -s 172.16.0.9 -j SNAT --to-source 10.0.0.9
and that works as expected.
I have verified that the aliases and forwarding work as expected, as when I shut down the network interfaces on computer A while pinging from computer B, the ping stops, and resumes when the interfaces come back up.
Thanks for your help!
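Added example, not from the thread or its hidden accepted answer: a small script that generates the alias, DNAT and SNAT lines the asker ended up with, for one host or for a whole range of host octets, and adds the ingress/egress interface matches that keep the translation from touching traffic that never crosses the box. The interface names, the helper names and the APPLY switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or its accepted answer: generate the
# per-host alias + DNAT + SNAT rules that the asker describes, for one host
# or a whole range of host octets. Interface names, helper names and the
# APPLY switch are assumptions. Without APPLY=1 it only prints the commands.

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# nat_host REAL_NET ALIAS_NET REAL_IF ALIAS_IF N
#   Host REAL_NET.N really lives on REAL_IF; peers on ALIAS_IF reach it as
#   ALIAS_NET.N. Example: nat_host 10.0.0 172.16.0 eth0 eth1 8 publishes
#   computer A (10.0.0.8) as 172.16.0.8 on the 172.16.0.0/24 side.
nat_host() {
  real=$1.$5 alias=$2.$5 alias_if=$4
  # The NAT box must own the alias so it answers ARP for it on that side.
  run ip addr add "$alias/24" dev "$alias_if"
  # Rewrite the destination as the packet enters from the alias side only.
  run iptables -t nat -A PREROUTING -i "$alias_if" -d "$alias" \
      -j DNAT --to-destination "$real"
  # Rewrite the source as the packet leaves towards the alias side. The -o
  # match keeps the SNAT from touching traffic that never crosses the box;
  # the thread's SNAT lines carry no such restriction.
  run iptables -t nat -A POSTROUTING -o "$alias_if" -s "$real" \
      -j SNAT --to-source "$alias"
}

# nat_range REAL_NET ALIAS_NET REAL_IF ALIAS_IF FIRST LAST
#   Same as nat_host for every host octet in [FIRST, LAST].
nat_range() {
  n=$5
  while [ "$n" -le "$6" ]; do
    nat_host "$1" "$2" "$3" "$4" "$n"
    n=$((n + 1))
  done
}

# The two hosts from the question (dry run unless APPLY=1):
run sysctl -w net.ipv4.ip_forward=1
nat_host 10.0.0 172.16.0 eth0 eth1 8     # A: 10.0.0.8  seen as 172.16.0.8
nat_host 172.16.0 10.0.0 eth1 eth0 9     # B: 172.16.0.9 seen as 10.0.0.9
```

Run it once without APPLY to review the generated lines, and check with `iptables -t nat -L -n -v` and `conntrack -L` (if installed) that only the intended flows are being translated before running with APPLY=1.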