iptables NAT with multiple interfaces


I have an ubuntu 10 machine I'm trying to set up with NAT.

eth0 is the WAN interface, that uses DHCP.

eth1, eth2, eth3 are LAN interfaces. They are connected to 192.168.0.50, .51, .52 respectively.

NAT through eth1 works great. On eth2/3, I get nothing -- "no route to host" on ping. Here's my iptables config. Is anything obviously wrong?

# Generated by iptables-save v1.4.4 on Mon Jan 31 09:40:55 2011
*nat
:PREROUTING ACCEPT [1799:327587]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [23:2190]
-A POSTROUTING -j MASQUERADE 
COMMIT
# Completed on Mon Jan 31 09:40:55 2011
# Generated by iptables-save v1.4.4 on Mon Jan 31 09:40:55 2011
*filter
:INPUT ACCEPT [3474:500657]
:FORWARD ACCEPT [24:1613]
:OUTPUT ACCEPT [857:128814]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -s 192.168.0.50/32 -i eth1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT 
-A FORWARD -s 192.168.0.51/32 -i eth2 -o eth0 -m conntrack --ctstate NEW -j ACCEPT 
-A FORWARD -s 192.168.0.52/32 -i eth3 -o eth0 -m conntrack --ctstate NEW -j ACCEPT 
COMMIT
# Completed on Mon Jan 31 09:40:55 2011
# Generated by iptables-save v1.4.4 on Mon Jan 31 09:40:55 2011
*mangle
:PREROUTING ACCEPT [3890:612115]
:INPUT ACCEPT [3474:500657]
:FORWARD ACCEPT [220:45916]
:OUTPUT ACCEPT [857:128814]
:POSTROUTING ACCEPT [1140:186789]
-A PREROUTING -i eth1 -j MARK --set-xmark 0x3/0xffffffff 
-A PREROUTING -i eth2 -j MARK --set-xmark 0x4/0xffffffff 
-A PREROUTING -i eth3 -j MARK --set-xmark 0x5/0xffffffff 
COMMIT
# Completed on Mon Jan 31 09:40:55 2011
asked on Server Fault Jan 31, 2011 by Ben K.

2 Answers


Obviously wrong is using the same /24 on different interfaces.

answered on Server Fault Feb 1, 2011 by poige

As the three Ethernets are in the same network (192.168.0.0/24), maybe you want to bridge them and NAT the bridge device, instead of treating them individually.

brctl addbr br0
brctl addif br0 eth1
brctl addif br0 eth2
brctl addif br0 eth3

ifconfig br0 192.168.0.50/24 # For example

# Now NAT using br0 as local interface and eth0 as WAN
answered on Server Fault Feb 10, 2012 by xOneca • edited Mar 15, 2012 by xOneca
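An added check, not from the question or either answer: it parses the asker's iptables-save dump (trimmed to the relevant chains, counters zeroed) in the format shown above and reports the three things a reviewer would flag: the MASQUERADE rule not bound to eth0, the FORWARD chain's ACCEPT default policy making the per-interface ACCEPT rules purely cosmetic, and the same /24 on several interfaces that poige points out. The /24 mask on eth1-eth3 is assumed from poige's answer; the question only gives the host addresses.

```python
import ipaddress

# Constructed input: the asker's iptables-save dump trimmed to the chains that matter, counters zeroed.
RULES_DUMP = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.50/32 -i eth1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""
# Constructed: the LAN addresses from the question; the /24 mask is an assumption (as in poige's answer).
LAN_ADDRS = {"eth1": "192.168.0.50/24", "eth2": "192.168.0.51/24", "eth3": "192.168.0.52/24"}
WAN_IF = "eth0"


def parse_dump(text):
    """Parse iptables-save text into {table: {"policy": {chain: policy}, "rules": [token lists]}}."""
    tables, table = {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and table is not None:
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
        elif line.startswith("-A") and table is not None:
            table["rules"].append(line.split())
    return tables


def lint(tables, lan_addrs, wan_if):
    findings = []
    # 1. MASQUERADE without "-o <WAN>" also rewrites the source of traffic forwarded between LAN ports.
    for rule in tables.get("nat", {}).get("rules", []):
        if "MASQUERADE" in rule and ("-o" not in rule or rule[rule.index("-o") + 1] != wan_if):
            findings.append("nat: MASQUERADE is not restricted to -o %s" % wan_if)
    # 2. With a FORWARD policy of ACCEPT, per-interface ACCEPT rules deny nothing.
    flt = tables.get("filter", {"policy": {}, "rules": []})
    if flt["policy"].get("FORWARD") == "ACCEPT" and any(r[1] == "FORWARD" and r[-1] == "ACCEPT" for r in flt["rules"]):
        findings.append("filter: FORWARD policy is ACCEPT, so the explicit ACCEPT rules restrict nothing")
    # 3. Same subnet on several interfaces: the kernel uses one connected route for the prefix, so hosts
    #    behind the other interfaces never get replies (poige's "obviously wrong").
    nets = {}
    for ifname, addr in lan_addrs.items():
        nets.setdefault(ipaddress.ip_interface(addr).network, []).append(ifname)
    for net, ifs in nets.items():
        if len(ifs) > 1:
            findings.append("route: %s is on %s; use one subnet per interface or bridge them" % (net, ", ".join(sorted(ifs))))
    return findings
```

Running `lint(parse_dump(RULES_DUMP), LAN_ADDRS, WAN_IF)` on the asker's configuration returns all three findings; with `-o eth0` on the MASQUERADE rule, a FORWARD policy of DROP and one subnet per interface it returns an empty list.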

User contributions licensed under CC BY-SA 3.0