Je lance un pare-feu iptables avec 5 adresses IP aliées (adresse IP réelle 10.64.18.1). Cette machine est également ma passerelle pour toutes les machines internes (192.168.18.*). Mon problème est que lorsque 192.168.18.65 sort, j'ai besoin que ma passerelle dise que l'IP est 10.64.18.107 et non pas 10.64.18.1. Est-ce possible? Y a-t-il une commande de post-traçage qui fera cela?
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [276:56637]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i br1 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o br1 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 21 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 53 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 2048:2248 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
:PREROUTING ACCEPT [1558:188540]
:POSTROUTING ACCEPT [55:4040]
:OUTPUT ACCEPT [87:6458]
-A PREROUTING -i br1 -p tcp -m tcp -d 10.64.18.107 --dport 2048:2248 -j DNAT --to-destination 192.168.18.65
-A PREROUTING -i br1 -p tcp -m tcp -d 10.64.18.146 --dport 53 -j DNAT --to-destination 192.168.18.50:53
-A PREROUTING -i br1 -p udp -m udp -d 10.64.18.146 --dport 53 -j DNAT --to-destination 192.168.18.50:53
-A PREROUTING -i br1 -p tcp -m tcp -d 10.64.18.144 --dport 21 -j DNAT --to-destination 192.168.18.60:21
-A PREROUTING -i br1 -p tcp -m tcp -d 10.64.18.144 --dport 22 -j DNAT --to-destination 192.168.18.60:22
-A PREROUTING -i br1 -p tcp -m tcp -d 10.64.18.126 --dport 22 -j DNAT --to-destination 192.168.18.126:22
-A PREROUTING -i br1 -p tcp -m tcp -d 10.64.18.118 --dport 22 -j DNAT --to-destination 192.168.18.118:22
-A POSTROUTING -o br1 -j MASQUERADE
COMMIT