masquerading with DHCP

hawat.thufir_at_gmail.com
Date: 07/13/05


Date: 13 Jul 2005 00:54:03 -0700


"Assuming external internet card is eth0, and external IP is 123.12.23.43 and the
internal network card is eth1, then:

$> modprobe ipt_MASQUERADE # If this fails, try continuing anyway
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
$> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43
$> echo 1 > /proc/sys/net/ipv4/ip_forward"

<http://www.tldp.org/HOWTO/Masquerading-Simple-HOWTO/summary.html>

Unfortunately, this assumption doesn't hold. I'm connecting to the internet with
wi-fi, which is why I need the masquerading. The setup is:

internet => cable modem
cable modem => router
router => wi-fi adapter
wi-fi adapter => arrakis eth0
arrakis eth0 => arrakis eth1
arrakis eth1 => hub
hub => caladan

Arrakis and caladan are the names for two computers. The ISP uses DHCP, so arrakis
eth0 is set to use DHCP, as shown by the following:

[root@arrakis init.d]#
[root@arrakis init.d]# date
Wed Jul 13 08:47:34 IST 2005
[root@arrakis init.d]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0
[root@arrakis init.d]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
[root@arrakis init.d]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0A:E6:A0:24:27
          inet addr:192.168.2.175 Bcast:192.168.2.255 Mask:255.255.255.0
          inet6 addr: fe80::20a:e6ff:fea0:2427/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:829 errors:0 dropped:0 overruns:0 frame:0
          TX packets:854 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:282660 (276.0 KiB) TX bytes:143385 (140.0 KiB)
          Interrupt:5 Base address:0xd400

eth1 Link encap:Ethernet HWaddr 00:0D:88:37:FA:22
          inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::20d:88ff:fe37:fa22/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:618 (618.0 b)
          Interrupt:5 Base address:0xd000

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:155 errors:0 dropped:0 overruns:0 frame:0
          TX packets:155 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10715 (10.4 KiB) TX bytes:10715 (10.4 KiB)

[root@arrakis init.d]#

I don't see that I'd want to
$> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43

because there's no 123.12.23.43; that IP is a moving target. Yes?

thanks,

Thufir
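
For the setup described in the post, where eth0 gets its address by DHCP, iptables has a MASQUERADE target that rewrites the source to whatever address the outgoing interface currently holds, so no fixed --to address is needed. The script below is an added example, not part of the original post or the HOWTO; the function name masq_rules, the FORWARD filtering rules and the input checks are assumptions added for illustration, and the interface names and subnet come from the ifconfig output above.

```shell
#!/bin/sh
# Added example (not from the post): print a NAT rule set for a gateway whose
# external address is assigned by DHCP. Nothing is applied; the commands are
# emitted for review and can be run as root afterwards.

# Args: external interface, internal interface, internal subnet (CIDR).
# masq_rules is a hypothetical helper name.
masq_rules() {
    ext_if=$1; int_if=$2; lan=$3

    # Accept only plain interface names, so the generated commands cannot
    # carry shell metacharacters.
    for ifname in "$ext_if" "$int_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    # The subnet must consist of digits, dots and a slash (a.b.c.d/len).
    case $lan in
        ''|*[!0-9./]*) echo "bad subnet: $lan" >&2; return 1 ;;
        */*) ;;
        *) echo "subnet needs a /prefix: $lan" >&2; return 1 ;;
    esac
    if [ "$ext_if" = "$int_if" ]; then
        echo "external and internal interface must differ" >&2
        return 1
    fi

    # FORWARD: drop by default, let the LAN out, let only replies back in.
    # POSTROUTING: MASQUERADE instead of SNAT --to, because the address on
    # the external interface changes with each DHCP lease.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
iptables -A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext_if -s $lan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Values from the post: eth0 is the DHCP side, eth1 serves 192.168.0.0/24.
masq_rules eth0 eth1 192.168.0.0/24
```

Restricting the MASQUERADE rule with -s keeps the gateway from translating traffic that did not originate on the internal subnet.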