trivial NAT with virtual interface

I’m very spoiled by the virtual interface feature of Linux, and routinely have quite a few IP addresses associated with one virtual interface.

I’m building a cluster now, where all the machines have only private interfaces save one; obviously, I’d like the internal machines to be able to do their own updating, etc.

So I need to put in some sort of NAT. The problem is, iptables doesn’t recognize virtual interfaces, so you can’t NAT using the source/destination interface as your match. So here, then, is the simplest way I’ve found to set up SNAT on a virtual interface, assuming all your IP addresses are on eth0 and you are using a 10.x network (in the example, 10.23.0.x) as your internal network:


# turn on IP forwarding ("cat 1" would try to read a file named 1; it has to be echo)
echo 1 > /proc/sys/net/ipv4/ip_forward
# masquerade everything that is not headed for the internal network
# (iptables wants the "!" before the option: "! -d", not "-d !...")
iptables --table nat --append POSTROUTING ! -d 10.23.0.0/24 -j MASQUERADE


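As an added example (not the post's own commands), here is the same setup as a script that narrows the masquerade to traffic sourced from the internal network and leaving eth0, and locks down FORWARD by address, since with aliases the input interface cannot tell LAN from Internet. eth0 and 10.23.0.0/24 are the post's values; the two function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the public interface is
# eth0 and the internal network is 10.23.0.0/24, as in the post.
set -eu

WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-10.23.0.0/24}"

# Print the commands that implement the NAT. Nothing is executed here, so the
# rule set can be reviewed (or tested) before it touches a live box.
nat_commands() {
    wan="$1"; lan="$2"
    # Enable forwarding through sysctl rather than writing /proc directly.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Masquerade only flows that start inside the LAN, leave via the public
    # interface, and are not bound for another LAN host. Note '! -d', not '-d !'.
    echo "iptables -t nat -A POSTROUTING -s $lan ! -d $lan -o $wan -j MASQUERADE"
    # The LAN sits on an alias of the same eth0, so '-i eth0' matches both LAN
    # and Internet traffic; filter FORWARD by address instead of interface.
    echo "iptables -A FORWARD -s $lan ! -d $lan -j ACCEPT"
    echo "iptables -A FORWARD -d $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Anything else (unsolicited Internet -> LAN) is dropped.
    echo "iptables -P FORWARD DROP"
}

# Apply the rules (root required), then verify the running state.
apply_nat() {
    nat_commands "$WAN_IF" "$LAN_NET" | sh -e
    check_nat
}

# Returns 0 when forwarding is on and a MASQUERADE rule is present.
check_nat() {
    [ "$(sysctl -n net.ipv4.ip_forward)" = "1" ] || return 1
    iptables -t nat -S POSTROUTING | grep -q -- "-j MASQUERADE"
}

case "${1:-}" in
    apply) apply_nat ;;
    check) check_nat ;;
    *)     nat_commands "$WAN_IF" "$LAN_NET" ;;   # default: just show the rules
esac
```

Run it with no argument to review the rule set, `apply` as root to install it, and `check` afterwards to confirm forwarding and the MASQUERADE rule are in place.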