From rich at thevillas.eclipse.co.uk Mon Apr 2 03:49:34 2007
From: rich at thevillas.eclipse.co.uk (richard)
Date: Mon, 02 Apr 2007 11:49:34 +0100
Subject: [NARC] snat and narc
Message-ID: <4610DFBE.9020804@thevillas.eclipse.co.uk>

Hi

I have a question regarding SNAT.

Basically, our webserver resides at 192.168.1.x on the LAN. To the outside world it is at xxx.xxx.xxx.xxx (this is actually our firewall that forwards traffic through to the webserver on the LAN at 192.168.1.x).

Users outside the LAN just point their browsers at xxx.xxx.xxx.xxx. Pointing the browser to xxx.xxx.xxx won't work for users on the LAN.

So, for external users we have a rule such as

    iptables -t nat -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to-destination 192.168.1.x

For clients on the LAN I need something like:

    iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d xxx.xxx.xxx.xxx --dport 80 -j SNAT --to-source 192.168.1.X

(192.168.1.X is the internal LAN address of the firewall)

I have put this last rule in the narc-custom file but it doesn't seem to work.

Any ideas?

Thanks in advance

Rich
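
Why the POSTROUTING rule as posted never matches, as an added example that is not part of the original message: a simplified Python model of netfilter's nat hook order (DNAT in PREROUTING, then SNAT in POSTROUTING). The addresses are constructed stand-ins for the elided values, and the model assumes the DNAT rule sits in PREROUTING and also sees packets arriving from the LAN.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed addresses standing in for the values the post elides.
PUBLIC_IP = "203.0.113.10"    # xxx.xxx.xxx.xxx (firewall's outside address)
WEB_LAN_IP = "192.168.1.20"   # 192.168.1.x (web server)
FW_LAN_IP = "192.168.1.1"     # 192.168.1.X (firewall's LAN address)
LAN_NET = "192.168.1.0/24"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class NatRule:
    """Simplified model of one nat-table rule: match fields plus a rewrite."""
    to_addr: str
    dst: str
    dport: int
    src_net: str = "0.0.0.0/0"

    def matches(self, p):
        in_net = ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
        return in_net and p.dst == self.dst and p.dport == self.dport

def traverse(pkt, prerouting, postrouting):
    """First matching rule per chain; PREROUTING (DNAT) runs before POSTROUTING (SNAT)."""
    for r in prerouting:
        if r.matches(pkt):
            pkt = replace(pkt, dst=r.to_addr)
            break
    for r in postrouting:          # sees the already-DNATed destination
        if r.matches(pkt):
            pkt = replace(pkt, src=r.to_addr)
            break
    return pkt

DNAT = NatRule(WEB_LAN_IP, dst=PUBLIC_IP, dport=80)
SNAT_AS_POSTED = NatRule(FW_LAN_IP, dst=PUBLIC_IP, dport=80, src_net=LAN_NET)
SNAT_ON_REAL_DST = NatRule(FW_LAN_IP, dst=WEB_LAN_IP, dport=80, src_net=LAN_NET)

def lan_client_request(snat_rule, client="192.168.1.50"):
    """Packet as it leaves the firewall toward the web server."""
    return traverse(Packet(client, PUBLIC_IP, 80), [DNAT], [snat_rule])

if __name__ == "__main__":
    print("as posted:       ", lan_client_request(SNAT_AS_POSTED))
    print("match on LAN dst:", lan_client_request(SNAT_ON_REAL_DST))
```

With the rule as posted the request reaches the web server still carrying the client's own LAN source address, so the reply goes straight back to the client instead of through the firewall; matching `-d` on the web server's LAN address (192.168.1.x) is what lets the SNAT apply.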