iptables NAT assistance

DD-WRT Forum Index -> Advanced Networking
pr0n (DD-WRT Novice, joined 08 Mar 2014, 2 posts)
Posted: Sat Mar 08, 2014 23:09    Subject: iptables NAT assistance
The short of it: Need to NAT traffic leaving an interface.

I've got networking experience but I've never used iptables so I'm having some trouble figuring out how to accomplish this.

Physical setup

I have DD-WRT on an Asus RT-N66U. I have a Cisco ASA 5505 connected to one of the N66U ports as a client; the 5505 has a VPN set up on it (which is working). The 5505 then connects back into the N66U on eth4.

5505 IP address: 192.168.51.17
The network the 5505 VPN gets me to is (for now) 172.21.0.0/16; I have added this route to the routing table manually.

eth4 is in vlan3

vlan 3 inet addr:192.168.51.18 Bcast:192.168.51.23 Mask:255.255.255.248

ip route
<Some WAN network>/22 dev vlan2 proto kernel scope link src <Some WAN ip>
127.0.0.0/8 dev lo scope link
169.254.0.0/16 dev br0 proto kernel scope link src 169.254.255.1
172.21.0.0/16 via 192.168.51.17 dev vlan3
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
192.168.51.16/29 dev vlan3 proto kernel scope link src 192.168.51.18


The route and VPN work: I can ping 172.21.1.1 from DD-WRT as expected and it takes the proper route through the 5505. However, none of the clients can get to it, because the 172.21.0.0 network can't route back to my DD-WRT clients properly, but I don't want it to. I would like to set up NAT on vlan3 to NAT all traffic leaving the interface behind 192.168.51.17.

I've googled a bit but can't seem to find anything helpful as far as NAT goes. If someone could help out here that would be fantastic.

iptables -L
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     gre  --  192.168.1.0/24       anywhere
ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:1723
lan2wan    0    --  anywhere             anywhere
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere
TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0
trigger_out  0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere            state NEW
DROP       0    --  anywhere             anywhere
pr0n (DD-WRT Novice, joined 08 Mar 2014, 2 posts)
Posted: Sun Mar 09, 2014 0:21    Subject: got what I needed
After some discovery and trial and error, I've figured out what I needed.

iptables -t nat -I POSTROUTING 2 -o vlan3 -j MASQUERADE

thanks.
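Editor's note on the rule above, with an added example that is not the poster's script. MASQUERADE on vlan3 rewrites the source of every forwarded packet leaving that interface to the interface's own address, which per the ifconfig output is 192.168.51.18 (not 192.168.51.17, the ASA); that works because the ASA already passes traffic sourced from 192.168.51.18 through its VPN, as the ping test from the router showed. Two things a practitioner would tighten: the rule as written NATs all traffic leaving vlan3 from any source, and "-I POSTROUTING 2" depends on whatever DD-WRT already put in the chain. The script below restricts NAT to LAN (192.168.1.0/24) traffic bound for 172.21.0.0/16, uses SNAT to the fixed vlan3 address instead of MASQUERADE (MASQUERADE assumes a dynamic address and flushes its conntrack entries when the interface goes down), adds a matching narrow FORWARD accept instead of relying on the blanket ACCEPTs in the listing above, and only inserts each rule if "iptables -S" does not already show it, so it is safe to paste into Administration -> Commands -> Save Firewall, which DD-WRT re-runs on every firewall restart. The DDWRT_APPLY and FAKE_LISTING variables are this example's own convention: without DDWRT_APPLY=1 it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (editor's, not the poster's): idempotent DD-WRT firewall
# script that NATs only LAN -> VPN traffic leaving vlan3.
# Addresses are the ones shown in the thread. DDWRT_APPLY=1 makes the
# script call iptables; otherwise it dry-runs and prints the commands.
# FAKE_LISTING (dry run only) lets a caller supply a sample "iptables -S"
# listing so the presence check can be exercised without root.

LAN_NET="192.168.1.0/24"    # br0 clients (from the poster's routing table)
VPN_NET="172.21.0.0/16"     # remote network reached through the ASA's VPN
VLAN3_IP="192.168.51.18"    # DD-WRT's own address on vlan3 (ifconfig above)
OUT_IF="vlan3"

# Rule specs in exactly the form "iptables -S" prints them, so the presence
# check is a plain whole-line match.  SNAT to the fixed vlan3 address has
# the same effect here as MASQUERADE but does not drop conntrack state when
# the interface flaps.
nat_rule() {
    printf '%s' "-A POSTROUTING -s $LAN_NET -d $VPN_NET -o $OUT_IF -j SNAT --to-source $VLAN3_IP"
}

# Allow only LAN -> VPN_NET across vlan3; replies are already covered by the
# existing "state RELATED,ESTABLISHED" accept in FORWARD.
fwd_rule() {
    printf '%s' "-A FORWARD -s $LAN_NET -d $VPN_NET -o $OUT_IF -j ACCEPT"
}

# rule_present LISTING SPEC: succeed if SPEC is one whole line of LISTING,
# where LISTING is the text of "iptables [-t TABLE] -S CHAIN".
rule_present() {
    printf '%s\n' "$1" | grep -Fxq -- "$2"
}

# run CMD...: print the command; execute it only when DDWRT_APPLY=1.
run() {
    echo "+ $*"
    if [ "${DDWRT_APPLY:-0}" = "1" ]; then "$@"; fi
}

# ensure_rule TABLE CHAIN SPEC: insert SPEC at the top of CHAIN unless the
# live listing already contains it.  Position 1 does not depend on what
# rules the firmware generated, unlike the poster's "-I POSTROUTING 2".
ensure_rule() {
    table=$1; chain=$2; spec=$3
    if [ "${DDWRT_APPLY:-0}" = "1" ]; then
        listing=$(iptables -t "$table" -S "$chain" 2>/dev/null)
    else
        listing=${FAKE_LISTING:-}
    fi
    if rule_present "$listing" "$spec"; then
        echo "present: $table/$chain: $spec"
        return 0
    fi
    # Turn "-A CHAIN <match/target args>" into "-I CHAIN 1 <args>".
    prefix="-A $chain "
    args=${spec#"$prefix"}
    # shellcheck disable=SC2086   # word splitting of $args is intended
    run iptables -t "$table" -I "$chain" 1 $args
}

main() {
    ensure_rule nat POSTROUTING "$(nat_rule)"
    ensure_rule filter FORWARD "$(fwd_rule)"
}

main
```

Run it once without DDWRT_APPLY to see the two iptables commands it would issue; run it as root on the router with DDWRT_APPLY=1 to apply them. Verify afterwards with "iptables -t nat -S POSTROUTING" (the SNAT line should be first) and, from a LAN client, by checking that a ping to 172.21.1.1 shows up in "cat /proc/net/ip_conntrack" on the router with src 192.168.51.18 on the reply tuple.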
All times are GMT