How to configure iptables MASQUERADE rule for set of secondary IP address?

Solution In Progress - Updated -

Issue

  • I have RHEL with iptables as a firewall. I have set of 3 public IP address for WAN.
eth0   1.1.1.1  # 1st IP address
eth0:0 1.1.1.2  # 2nd IP address
eth0:1 1.1.1.3  # 3rd IP address

eth1   2.2.2.2 # LAN segment
  • I added MASQUERADE rule to allow Internet access from my LAN as below:
iptables -t nat -A POSTROUTING -s 2.2.2.2 -o eth0 -j MASQUERADE
  • Now outgoing connections from my LAN to WAN will be masquerading with 1.1.1.1 public IP. How can I change masquerading ip "1.1.1.1" for any other as e.g 1.1.1.2 or 1.1.1.3 ?
  • How to configure iptables MASQUERADE rule for set of secondary IP address?
  • What is the advantage of using iptables MASQUERADE target over SNAT target?

Environment

  • Red Hat Enterprise Linux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content