You didn't include the actual NAT commands from the Cisco. They should start with something like "ip nat inside...." or "ip nat outside..."
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of A. Clausen
> Sent: Friday, May 24, 2002 2:51 PM
> To: [EMAIL PROTECTED]
> Subject: Converting from Cisco NAT to IPTables
>
> Out of the desire not to spend a fortune on another Cisco box, and to
> fulfill the need to do IP accounting, traffic shaping and (possibly)
> caching, we are putting together a Linux box. So far I have successfully
> configured iptables to do some pretty basic IP accounting (which is all we
> really need). One area that is stumping me is translating IOS NAT commands
> into iptables.
>
> We have what appears to be a rather odd configuration. Our Cisco router is
> running as the border router between our upstream provider and our own /23
> block of addresses. It is also configured to do NAT, though all NAT
> addresses are routed to three proprietary routers with a public IP address
> and then a private IP address. Here is our current NAT configuration on the
> Cisco router.
>
> interface Ethernet0
>  description This the outside ethernet connected to our upstream provider
>  ip address yyy.yyy.yyy.yyy 255.255.255.252
>  ip access-group 101 out
>  no ip directed-broadcast
>  ip nat outside
> !
> interface Ethernet1
>  ip address xxx.xxx.xxx.2 255.255.254.0
>  no ip directed-broadcast
>  ip nat inside
> !
> ip route 10.101.104.0 255.255.248.0 xxx.xxx.xxx.170
> ip route 10.102.104.0 255.255.248.0 xxx.xxx.xxx.174
> ip route 10.103.104.0 255.255.248.0 xxx.xxx.xxx.175
> access-list 1 permit 10.101.104.0 0.0.7.255
> access-list 1 permit 10.102.104.0 0.0.7.255
> access-list 1 permit 10.103.104.0 0.0.7.255
>
> yyy.yyy.yyy.yyy is the upstream provider's IP for our router.
> xxx.xxx.xxx addresses are our own public block of IP addresses.
>
> I hope there is a way to do this using iptables, since everything else in
> Linux has gone off like a charm.
>
> --
> A. Clausen
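The quoted configuration shows the static routes and access-list 1 but, as the reply points out, not the "ip nat inside source" statement that ties them together. The following is an added example, written for this page and not code from either poster: a small translator that turns the IOS fragment above into iproute2 and iptables commands. It assumes that the missing statement is `ip nat inside source list 1 interface Ethernet0 overload` (plain PAT on the outside interface), that Ethernet0/Ethernet1 map to eth0/eth1 on the Linux box, and it substitutes TEST-NET addresses (192.0.2.x) for the xxx.xxx.xxx.* placeholders; all three are hypothetical. Wildcard masks are inverted and checked for contiguity, deny entries in the list become exemptions from translation, and the FORWARD chain is generated with a default-deny policy plus conntrack so that only replies to translated sessions reach the inside networks.

```python
"""Translate a subset of Cisco IOS NAT configuration into iproute2/iptables commands.

Added example, not from the original message.  The NAT statement, the interface
mapping and the 192.0.2.x addresses are assumptions made for illustration.
"""
import ipaddress
import re

# Constructed sample: the quoted IOS lines with 192.0.2.x stand-ins for the
# xxx.xxx.xxx.* placeholders, plus the ASSUMED "ip nat inside source" statement
# that the reply says is missing from the original post.
IOS_CONFIG = """\
ip route 10.101.104.0 255.255.248.0 192.0.2.170
ip route 10.102.104.0 255.255.248.0 192.0.2.174
ip route 10.103.104.0 255.255.248.0 192.0.2.175
access-list 1 permit 10.101.104.0 0.0.7.255
access-list 1 permit 10.102.104.0 0.0.7.255
access-list 1 permit 10.103.104.0 0.0.7.255
ip nat inside source list 1 interface Ethernet0 overload
"""

# Hypothetical IOS -> Linux interface name mapping.
IFMAP = {"Ethernet0": "eth0", "Ethernet1": "eth1"}


def mask_to_prefix(mask: str, wildcard: bool = False) -> int:
    """Convert a dotted netmask, or an IOS wildcard mask, to a prefix length.

    Non-contiguous masks are rejected: iptables cannot express them as /N.
    """
    bits = int(ipaddress.IPv4Address(mask))
    if wildcard:
        bits ^= 0xFFFFFFFF  # an IOS wildcard is the bitwise inverse of a netmask
    prefix = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix


def acl_network(words):
    """Turn the address part of a standard ACL entry into an IPv4Network.

    Accepts 'any', 'host A.B.C.D', 'A.B.C.D WILDCARD' and a bare 'A.B.C.D'.
    """
    if words[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if words[0] == "host":
        return ipaddress.ip_network(f"{words[1]}/32")
    net = words[0]
    wild = words[1] if len(words) > 1 else "0.0.0.0"
    prefix = mask_to_prefix(wild, wildcard=True)
    return ipaddress.ip_network(f"{net}/{prefix}", strict=False)


def translate(config: str, ifmap: dict) -> list:
    """Return the Linux commands equivalent to the recognised IOS lines."""
    acls, routes, nat_stmts = {}, [], []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line):
            net, mask, nexthop = m.groups()
            routes.append(f"ip route add {net}/{mask_to_prefix(mask)} via {nexthop}")
        elif m := re.fullmatch(r"access-list (\d+) (permit|deny) (.+)", line):
            acls.setdefault(m[1], []).append((m[2], acl_network(m[3].split())))
        elif m := re.fullmatch(
            r"ip nat inside source list (\d+) interface (\S+) overload", line
        ):
            nat_stmts.append((m[1], m[2]))

    # Default-deny forwarding; conntrack lets replies to translated sessions back in.
    cmds = routes + [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for acl_id, ios_if in nat_stmts:
        out_if = ifmap[ios_if]
        for action, net in acls.get(acl_id, []):
            # A deny entry exempts the network from NAT: RETURN leaves the nat
            # chain early so the packet goes out untranslated.
            target = "MASQUERADE" if action == "permit" else "RETURN"
            cmds.append(f"iptables -t nat -A POSTROUTING -s {net} -o {out_if} -j {target}")
            if action == "permit":
                cmds.append(f"iptables -A FORWARD -s {net} -o {out_if} -j ACCEPT")
    return cmds


if __name__ == "__main__":
    print("\n".join(translate(IOS_CONFIG, IFMAP)))
```

Run it and review the printed commands before applying them with root privileges; MASQUERADE is the right target only because the assumed IOS statement overloads the outside interface's own address, and a static pool (`ip nat pool ...`) would instead call for `-j SNAT --to-source` with that pool's range.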
