[TriLUG] IPTables - disable NAT for a specific source/destination

Brian Henning via TriLUG trilug at trilug.org
Wed Jun 6 09:14:28 EDT 2018


I think there may be some confusion of terms going on here.

A "firewall" decides what packets to allow through or not.
A "router" handles modifying envelope data to get packets along to the next hop.

NAT is a routing function.  iptables does both firewalling and routing.

Perhaps Huan is guessing your intent correctly (a DMZ), but that's not what I'm getting from your description.

Can you describe the intent some more, perhaps give an example situation where NAT is not what you want?  

Cheers,
-Brian


-----Original Message-----
From: TriLUG [mailto:trilug-bounces+bhenning=pineresearch.com at trilug.org] On Behalf Of Ron Kelley via TriLUG
Sent: Wednesday, June 06, 2018 8:24 AM
To: Triangle Linux Users Group General Discussion <trilug at trilug.org>
Subject: [TriLUG] IPTables - disable NAT for a specific source/destination

Greetings all,

I have a test bed running using IPTables on a RHEL 7 server (a “firewall” machine).  This machine provides NAT services for an inside network to an outside network.  For my test, the outside network has the IP space of 172.16.100.0/24, and the inside network has the IP space of 192.168.100.0/24.  The firewall has two IP Addresses:  172.16.100.10 (outside) and 192.168.100.1 (inside).

As you might expect, all VMs on the inside network go through the firewall, and their source IP gets NAT’d to the 172.16.100.10 IP.  All working well.

However, I have a unique requirement for one of the inside VMs to go through the firewall w/out a NAT address.  Essentially, this particular machine needs a “no nat” statement in the IPTables rules.  In this case, the firewall is simply a router.

I have searched google for any sort of “no nat” example but can’t find it.  Does anyone have a sample they can share?  


Thanks,

-Ron
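
Added example, not part of the original thread and not either poster's own rules: one common way to express a "no NAT" exemption in iptables is an ACCEPT rule in the nat table's POSTROUTING chain placed ahead of the SNAT rule, since the first matching rule wins. The interface name `eth0`, the exempt host `192.168.100.50`, and the use of SNAT (rather than MASQUERADE) are assumptions; the networks and the 172.16.100.10 address come from the post.

```shell
#!/bin/sh
# Constructed values: OUT_IF and NO_NAT_HOST are assumptions, not from the thread.
OUT_IF="eth0"                  # assumed outside interface (holds 172.16.100.10)
INSIDE_NET="192.168.100.0/24"  # inside network, from the post
OUT_IP="172.16.100.10"         # outside address, from the post
NO_NAT_HOST="192.168.100.50"   # hypothetical inside VM that must keep its source IP

# Emit the nat table in iptables-restore format.
# ACCEPT in nat/POSTROUTING stops chain traversal for that connection,
# so the packet is routed out with its original 192.168.100.x source.
nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${NO_NAT_HOST}/32 -o ${OUT_IF} -j ACCEPT
-A POSTROUTING -s ${INSIDE_NET} -o ${OUT_IF} -j SNAT --to-source ${OUT_IP}
COMMIT
EOF
}

# Line number of the first emitted rule matching a pattern.
rule_line() { nat_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1; }

# Succeeds only if the exemption is evaluated before the SNAT rule;
# in the opposite order the SNAT rule would match first and rewrite the source.
exempt_before_snat() {
    e=$(rule_line "-s ${NO_NAT_HOST}/32 .*-j ACCEPT")
    s=$(rule_line "-j SNAT")
    [ -n "$e" ] && [ -n "$s" ] && [ "$e" -lt "$s" ]
}

if exempt_before_snat; then
    nat_rules   # review the output, then load it as root with iptables-restore
else
    echo "exemption rule must precede the SNAT rule" >&2
    exit 1
fi
```

With the source address left untouched, hosts on 172.16.100.0/24 need a route back to 192.168.100.0/24 via 172.16.100.10, and the filter table's FORWARD chain must still permit the traffic.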