Linux – NAT and two bridges

Tags: bridge, linux, nat, router

I have a Debian Squeeze server (as router and host for virtual servers) with two network cards – eth0 for internet, eth1 for local network. I installed KVM, so I created br0 (eth0, vnet0) and br1 (eth1, vnet1). Now I need to set up local network access on this server, but it is not working 🙁 What should I do to have internet access from the local network (traffic coming in on br1)? Everything works OK except the internet access on the LAN.

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

If I don't use bridges, such a configuration works (with eth0 instead of br0).

Best Answer

The MASQUERADE target is a bit "magic", as it uses the IP set up on the output interface to source-NAT the traffic.

You could use the SNAT target with the public IP address as a parameter:

iptables -t nat -A POSTROUTING -o br0 -j SNAT --to-source W.X.Y.Z

If you want to use the MASQUERADE target (if your public IP changes, for example), you should put the rule on the interface where the public address is set up, eth0:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
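As an added example (not part of the question or the answer above), the following script generates the NAT rules for this two-bridge router and picks SNAT or MASQUERADE depending on whether a fixed public address is known. It also replaces the question's FORWARD ACCEPT policy with a stateful default-deny, so that only connections started from the LAN are forwarded. Interface names br0/br1 are taken from the question; the address 203.0.113.10 and the helper wan_owner are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit (not apply) a stateful NAT ruleset for a router with
# WAN bridge br0 and LAN bridge br1. Review the output, then pipe it to sh.

# Show which interface actually owns a given IPv4 address (hypothetical helper,
# needs iproute2). With eth0 enslaved to br0, the address normally sits on br0,
# which is why the POSTROUTING rule must match that interface.
wan_owner() {
    ip -4 -o addr show | awk -v a="$1" 'index($4, a "/") == 1 { print $2 }'
}

# gen_nat_rules WAN_IF LAN_IF [PUBLIC_IP]
gen_nat_rules() {
    wan="$1"   # interface carrying the public address (br0 here)
    lan="$2"   # interface facing the local network (br1 here)
    pub="$3"   # optional fixed public IPv4 address

    # Clean nat table and default-deny forwarding. The original script used
    # FORWARD ACCEPT, which also forwards unsolicited internet traffic into the LAN.
    echo "iptables -t nat -F"
    echo "iptables -P FORWARD DROP"

    # LAN may open connections towards the internet; only replies come back.
    echo "iptables -A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # Source NAT on the interface that owns the public address.
    if [ -n "$pub" ]; then
        # --to-source is an option of the SNAT target, so it must follow -j SNAT.
        echo "iptables -t nat -A POSTROUTING -o $wan -j SNAT --to-source $pub"
    else
        echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
    fi

    echo "sysctl -w net.ipv4.ip_forward=1"
}

# Constructed example: static public address from the documentation range.
gen_nat_rules br0 br1 203.0.113.10
```

Run `wan_owner W.X.Y.Z` on the router first; the interface it prints is the one to pass as WAN_IF.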