NAT doesn't work

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -N TCP
iptables -N UDP
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp7s0 -o enp8s0 10.44.0.0/16 -j ACCEPT
iptables -A FORWARD -i enp8s0 -o enp7s0 10.44.0.0/16 -j ACCEPT

iptables -A POSTROUTING -s 10.44.0.0/16 -o enp7s0 -j SNAT --to-source ( ip-wan)
iptables -A fw-interfaces -i enp7s0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.44.0.0/16 -o (ip -wan ) -j MASQUERADE
*(enp7s0 LAN network card, enp8s0 WAN network card)

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

iptables -A POSTROUTING -s 10.44.0.0/16 -o enp7s0 -j SNAT --to-source ip-wan
iptables: No chain/target/match by that name.
(MASQUERADE with this IP is entered without errors)

iptables -A FORWARD -i enp7s0 -o enp8s0 10.44.0.0/16 -j ACCEPT
Bad argument `10.44.0.0/16'
It worked on Debian

iptables-save

# Generated by iptables-save v1.8.10 on Fri Mar 8 15:09:03 2024
*nat
:PREROUTING ACCEPT [11905:1058629]
:INPUT ACCEPT [11905:1058629]
:OUTPUT ACCEPT [5806:542734]
:POSTROUTING ACCEPT [5760:537300]
-A POSTROUTING -s 10.44.0.0/16 -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Fri Mar 8 15:09:03 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 15:09:03 2024
*mangle
:PREROUTING ACCEPT [277335:219341041]
:INPUT ACCEPT [277334:219341001]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [189947:31367948]
:POSTROUTING ACCEPT [189986:31373372]
COMMIT
# Completed on Fri Mar 8 15:09:03 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 15:09:03 2024
*raw
:PREROUTING ACCEPT [277335:219341041]
:OUTPUT ACCEPT [189947:31367948]
COMMIT
# Completed on Fri Mar 8 15:09:03 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 15:09:03 2024
*security
:INPUT ACCEPT [277334:219341001]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [189947:31367948]
COMMIT
# Completed on Fri Mar 8 15:09:03 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 15:09:03 2024
*filter
:INPUT ACCEPT [9521:2326611]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [50151:8765723]
:TCP - [0:0]
:UDP - [0:0]
:fw-interfaces - [0:0]
:fw-open - [0:0]
-A FORWARD -s 10.44.0.0/16 -j ACCEPT
-A FORWARD -d 10.44.0.0/16 -j ACCEPT

*(This is the result after I wrote it:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o enp2s0 -s 10.44.0.0/16 -j MASQUERADE
iptables -I FORWARD -d 10.44.0.0/16 -j ACCEPT
iptables -I FORWARD -s 10.44.0.0/16 -j ACCEPT
But traffic still does not pass through NAT from the local network address 10.44.7.77)

I added:
iptables -A FORWARD -j fw-interfaces
iptables -A FORWARD -j fw-open
iptables -A fw-interfaces -i enp2s0 -j ACCEPT

Still doesn’t work:
iptables-save

# Generated by iptables-save v1.8.10 on Fri Mar 8 16:39:06 2024
*nat
:PREROUTING ACCEPT [12733:1134668]
:INPUT ACCEPT [12733:1134668]
:OUTPUT ACCEPT [6586:610540]
:POSTROUTING ACCEPT [6540:605106]
-A POSTROUTING -s 10.44.0.0/16 -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Fri Mar 8 16:39:06 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 16:39:06 2024
*mangle
:PREROUTING ACCEPT [310332:239397578]
:INPUT ACCEPT [310331:239397538]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214072:38102625]
:POSTROUTING ACCEPT [214111:38108049]
COMMIT
# Completed on Fri Mar 8 16:39:06 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 16:39:06 2024
*raw
:PREROUTING ACCEPT [310332:239397578]
:OUTPUT ACCEPT [214072:38102625]
COMMIT
# Completed on Fri Mar 8 16:39:06 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 16:39:06 2024
*security
:INPUT ACCEPT [310331:239397538]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214072:38102625]
COMMIT
# Completed on Fri Mar 8 16:39:06 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 16:39:06 2024
*filter
:INPUT ACCEPT [42518:22383148]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [74276:15500400]
:TCP - [0:0]
:UDP - [0:0]
:fw-interfaces - [0:0]
:fw-open - [0:0]
-A FORWARD -s 10.44.0.0/16 -j ACCEPT
-A FORWARD -d 10.44.0.0/16 -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A fw-interfaces -i enp2s0 -j ACCEPT
-A fw-interfaces -i enp3s0 -j ACCEPT
COMMIT

iptables -L -n -v
Chain INPUT (policy ACCEPT 57869 packets, 36M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 10.44.0.0/16 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 10.44.0.0/16
0 0 fw-interfaces 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 fw-open 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 84454 packets, 17M bytes)
pkts bytes target prot opt in out source destination

Chain TCP (0 references)
pkts bytes target prot opt in out source destination

Chain UDP (0 references)
pkts bytes target prot opt in out source destination

Chain fw-interfaces (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- enp2s0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- enp3s0 * 0.0.0.0/0 0.0.0.0/0
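
One way to read the counters in the iptables-save dumps posted above, as an added example that is not part of the original post: it parses a dump, reports how many packets have reached the FORWARD hook at all, and flags an interface that is both the NAT egress and accepted wholesale in fw-interfaces. The function names (parse_save, forwarded_packets, ifaces, diagnose) are hypothetical, and SAMPLE is an excerpt of the second dump.

```python
import re

# Excerpt of the second iptables-save dump in the post above.
SAMPLE = """\
*nat
-A POSTROUTING -s 10.44.0.0/16 -o enp2s0 -j MASQUERADE
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
COMMIT
*filter
:FORWARD DROP [0:0]
:fw-interfaces - [0:0]
-A FORWARD -s 10.44.0.0/16 -j ACCEPT
-A fw-interfaces -i enp2s0 -j ACCEPT
COMMIT
"""
CHAIN_RE = re.compile(r"^:(\S+) \S+ \[(\d+):\d+\]$")

def parse_save(text):
    # {table: {chain: {"pkts": policy packet counter, "rules": [rule lines]}}}
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {})
        elif cur is not None and (m := CHAIN_RE.match(line)):
            cur[m[1]] = {"pkts": int(m[2]), "rules": []}
        elif cur is not None and line.startswith("-A "):
            cur.setdefault(line.split()[1], {"pkts": 0, "rules": []})["rules"].append(line)
    return tables

def forwarded_packets(tables):
    # A rule-less FORWARD chain's policy counter counts every forwarded packet.
    for chains in tables.values():
        fwd = chains.get("FORWARD")
        if fwd is not None and not fwd["rules"]:
            return fwd["pkts"]

def ifaces(tables, table, chain, flag):
    # Interface names given with `flag` (-i or -o) in the rules of one chain.
    rules = tables.get(table, {}).get(chain, {}).get("rules", [])
    return {m[1] for r in rules if (m := re.search(rf"\s{flag} (\S+)", r))}

def diagnose(text):
    tables, findings = parse_save(text), []
    if forwarded_packets(tables) == 0:
        findings.append("no packet has reached FORWARD: check routing and the clients' gateway first")
    for dev in sorted(ifaces(tables, "nat", "POSTROUTING", "-o") & ifaces(tables, "filter", "fw-interfaces", "-i")):
        findings.append(f"{dev} is the NAT egress yet fw-interfaces forwards everything arriving on it")
    return findings
```

forwarded_packets returns None when every FORWARD chain in the dump has rules; in that case per-rule counters from `iptables-save -c` or `iptables -L -n -v` are needed instead.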