{"id":1611,"date":"2014-01-13T11:35:57","date_gmt":"2014-01-13T18:35:57","guid":{"rendered":"http:\/\/xiehang.com\/blog\/?p=1611"},"modified":"2014-02-05T14:32:16","modified_gmt":"2014-02-05T21:32:16","slug":"interesting-iptable-use-cases","status":"publish","type":"post","link":"https:\/\/xiehang.com\/blog\/2014\/01\/13\/interesting-iptable-use-cases\/","title":{"rendered":"Interesting iptable use cases"},"content":{"rendered":"

I’m working on migrating the office LAN from one subnet to another, which brings lots of network inter-connection issues, and it seems iptables is a Swiss knife that can solve anything :P.<\/p>\n

One case is that I need to let machines in the new subnet access the old subnet. Since the dumb router is busy enough handling uplink, VPN and port forwarding, I decided to use a Linux box to get things done. All that I did:<\/p>\n

1. Connect the box to the two subnets. Actually, since the two subnets share the same physical network, I just configured a second IP address on the only NIC
\n2. net.ipv4.ip_forward = 1
\n3. -A FORWARD -i eth0 -j ACCEPT
\n4. -A POSTROUTING -o eth0 -j MASQUERADE<\/p>\n

Next thing is the network printer … it does not support multiple IP addresses, thus I have to have another host running the IP from the new subnet and then direct everything to the old IP:<\/p>\n

1. Add the IP from the new subnet to the box; again, a second IP for the NIC works
\n2. net.ipv4.ip_forward = 1
\n3. -A PREROUTING -d new_IP -j DNAT --to-destination old_IP
\n4. -A POSTROUTING -o eth0 -j MASQUERADE<\/p>\n

After this, everything hitting the new_IP will be directed to old_IP.<\/p>\n

More examples to come, to show how iptables helps \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"

I’m working on migrating the office LAN from one subnet to another, which brings lots of network inter-connection issues, and it seems iptables is a Swiss knife that can solve anything :P. One case is that I need to let machines in the new subnet access the old subnet. Since the dumb router is busy enough to […]<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[466,326,467],"_links":{"self":[{"href":"https:\/\/xiehang.com\/blog\/wp-json\/wp\/v2\/posts\/1611"}],"collection":[{"href":"https:\/\/xiehang.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiehang.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiehang.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xiehang.com\/blog\/wp-json\/wp\/v2\/comments?post=1611"}],"version-history":[{"count":3,"href":"https:\/\/xiehang.com\/blog\/wp-json\/wp\/v2\/posts\/1611\/revisions"}],"predecessor-version":[{"id":1670,"href":"https:\/\/xiehang.com\/blog\/wp-json\/wp\/v2\/posts\/1611\/revisions\/1670"}],"wp:attachment":[{"href":"https:\/\/xiehang.com\/blog\/wp-json\/wp\/v2\/media?parent=1611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiehang.com\/blog\/wp-json\/wp\/v2\/categories?post=1611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiehang.com\/blog\/wp-json\/wp\/v2\/tags?post=1611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}