Jan 13, 2014

I’m working on migrating the office LAN from one subnet to another. It brings up lots of network interconnection issues, and it seems iptables is the Swiss army knife that can solve anything :P.

One case is that I need to let machines in the new subnet reach the old subnet. Since the dumb router is busy enough handling the uplink, the VPN and port forwarding, I decided to use a Linux box to get it done. All I did:

1. connect the box to both subnets; actually, since the two subnets share the same physical network, I just configured a second IP address on the only NIC
2. net.ipv4.ip_forward = 1
3. -A FORWARD -i eth0:1 -j ACCEPT
4. -A POSTROUTING -o eth0 -j MASQUERADE

Next is the network printer: it does not support multiple IP addresses, so I have to have another host holding an IP from the new subnet and then redirect everything to the old IP:

1. add the IP from the new subnet to the box; again, a second IP on the NIC works
2. net.ipv4.ip_forward = 1
3. -A PREROUTING -d new_IP -j DNAT --to-destination old_IP
4. -A POSTROUTING -o eth0 -j MASQUERADE

After this, everything hitting new_IP is redirected to old_IP.
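The two setups above, written out as a small POSIX shell script (an added example, not from the original post). Interface and address values are constructed placeholders; it prints the rules by default and applies them only with APPLY=1. It narrows the rules to the two subnets rather than matching on the address label eth0:1 (netfilter only sees the device name) or masquerading everything that leaves eth0, and it validates the addresses first so a typo cannot become an over-broad NAT rule.

```shell
#!/bin/sh
# Example script (added here, not from the original post). OUT_IF, NEW_SUBNET,
# OLD_SUBNET, NEW_IP and OLD_IP below are placeholders you set for your LAN.
# Rules are printed by default; set APPLY=1 to run them as root.

# Accept only dotted-quad IPv4 with an optional /prefix.
validate_ipv4() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) return 1;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Case 1: the box has an address in both subnets and forwards new -> old.
# Match on source/destination subnet, not on an address label such as
# eth0:1 (the kernel device is still eth0); only let replies back in.
subnet_gateway_rules() {  # $1=out iface $2=new subnet $3=old subnet
    validate_ipv4 "$2" && validate_ipv4 "$3" || return 1
    printf '%s\n' \
      "sysctl -w net.ipv4.ip_forward=1" \
      "iptables -A FORWARD -s $2 -d $3 -j ACCEPT" \
      "iptables -A FORWARD -s $3 -d $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
      "iptables -t nat -A POSTROUTING -s $2 -d $3 -o $1 -j MASQUERADE"
}

# Case 2: new_IP is a second address on the box; traffic to it is DNATed to
# the printer's old_IP and masqueraded so the printer replies via the box.
printer_dnat_rules() {  # $1=out iface $2=new_IP $3=old_IP
    validate_ipv4 "$2" && validate_ipv4 "$3" || return 1
    printf '%s\n' \
      "sysctl -w net.ipv4.ip_forward=1" \
      "iptables -t nat -A PREROUTING -d $2 -j DNAT --to-destination $3" \
      "iptables -A FORWARD -d $3 -m conntrack --ctstate DNAT -j ACCEPT" \
      "iptables -t nat -A POSTROUTING -d $3 -o $1 -j MASQUERADE"
}

run_rules() {  # print the rule lines, or execute them one by one when APPLY=1
    if [ "${APPLY:-0}" = 1 ]; then while read -r cmd; do $cmd; done; else cat; fi
}

# Constructed placeholder values; override via the environment.
printer_dnat_rules "${OUT_IF:-eth0}" "${NEW_IP:-192.168.20.9}" "${OLD_IP:-192.168.10.9}" | run_rules
```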

More examples to come, to show how iptables helps 😉

One Response to “Interesting iptable use cases”

1. Note that eth0:1 is the incoming NIC, and eth0 is the outgoing NIC.
