Linux and NAT Routing

I have a Linux box with two IP addresses on it (eth0 and eth0:0) which does NAT for the rest of my network. I want all the packets that NAT to go out with the source address of the eth0:0 IP address. This is done with the SNAT directive in your iptables statement. In fact you can tell it to NAT the packets with ANY IP address, including IPs not on the box. None of the packets will get back to you but it will let you configure it that way.

/sbin/iptables -t nat -A POSTROUTING --src 10.8.0.0/24 -o eth0 -j SNAT --to-source 55.66.77.88

This tells iptables to do (source) NAT for IPs on the 10.8.0.0/24 subnet, and to use the source address of 55.66.77.88. It should be noted that this is different than the MASQUERADE option which should be used for dynamic (DHCP/Dial-up) connections where the IP address changes.

Leave A Reply
All content licensed under the Creative Commons License