On Tue, 2004-09-21 at 15:50, vizi0n (debian-firewall) wrote:
> Hi everyone!
>
> I've been trying to make myself a router/firewall for the past few days
> (never done that before) but so far I managed to throw away my DI-604, which
> is not a bad thing at all :) I am using Debian Sarge and the FireHOL package,
> which is basically an iptables generator from my understanding.
>
> Now my problem is, I am using this Sarge box as my gateway (1 NIC for LAN, 1
> plugged into a PPPoE DSL modem). It all works fine and my routes are set for
> NAT, but I would like to add the other IPs my ISP gives me (3 in fact) and
> associate them with specific LAN machines.
>
> My ISP gives me an extra /30 that I can use. So I would like to forward each
> of these new IPs to specific LAN IPs, and the reverse as well (my friend says
> this is called one-to-one NAT or something).
>
> I've tried creating virtual interfaces for my extra IPs but no luck (eth0:0,
> eth0:1, eth0:2).
>
> Does anyone know how I could do that, as I'm not an iptables expert at all.
>
> Thanks!
>
> viz
To have your outside NIC listen on multiple IPs, create the aliases and refer to them in firehol.conf as follows:

    interface eth0 alias_eth0_1 dst a.b.c.d/nn

where a.b.c.d is your second (or third...) IP. The name (alias_eth0_1) is arbitrary, but the idea is that you use the real network interface (eth0) instead of the alias (eth0:1).

As to the mapping to inside LAN IPs: I don't know for sure, but probably something like this at the top of your config:

    nat to-destination w.x.y.z proto tcp dport 80 dst a.b.c.d/nn

where w.x.y.z is your LAN IP and a.b.c.d is your extra outside IP. This line will map port 80 to an IP on your LAN.

tinus.
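The FireHOL lines in the reply above are shorthand for a handful of iptables and ip commands. The script below is an added example, not part of the thread and not FireHOL's own code: it shows what one-to-one NAT for a single public address comes down to on the gateway, so the generated rules can be read and checked before anything is applied. The function names (valid_ipv4, run, nat_rules), the interface names eth0/eth1 and the addresses 203.0.113.5 (public) and 192.168.1.10 (LAN) are assumptions chosen for illustration; 203.0.113.0/24 is a documentation range. By default the rules are only printed; setting APPLY=1 executes them.

```shell
#!/bin/sh
# Added example: the iptables/ip equivalent of binding one public IP to one
# LAN host (DNAT inbound, SNAT outbound) as a FireHOL alias + nat line does.
# Interface and address values below are constructed placeholders.

# Accept only a dotted quad with four decimal octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] || return 1
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print a command, or execute it when APPLY=1 (root and iptables required).
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        eval "$1"
    else
        printf '%s\n' "$1"
    fi
}

# nat_rules EXT_IF LAN_IF PUBLIC_IP LAN_IP
# Emits the rules for one public address <-> one LAN host. Only TCP/80 is
# opened in FORWARD, matching the "proto tcp dport 80" of the reply; add a
# line per service you really want reachable rather than accepting everything.
nat_rules() {
    ext_if=$1; lan_if=$2; pub_ip=$3; lan_ip=$4
    if ! valid_ipv4 "$pub_ip" || ! valid_ipv4 "$lan_ip"; then
        echo "nat_rules: bad address '$pub_ip' or '$lan_ip'" >&2
        return 1
    fi
    # The extra public address lives on the real interface (no eth0:1 alias).
    run "ip addr add $pub_ip/32 dev $ext_if"
    # Inbound: traffic for the public IP is rewritten to the LAN host.
    run "iptables -t nat -A PREROUTING -i $ext_if -d $pub_ip -j DNAT --to-destination $lan_ip"
    # Outbound: the LAN host's own traffic leaves with its public IP, not the gateway's.
    run "iptables -t nat -A POSTROUTING -o $ext_if -s $lan_ip -j SNAT --to-source $pub_ip"
    # Forwarding policy: new connections only to the published service port.
    run "iptables -A FORWARD -i $ext_if -o $lan_if -d $lan_ip -p tcp --dport 80 -m state --state NEW -j ACCEPT"
    run "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Dry run with constructed placeholder values (prints the rules, applies nothing).
nat_rules eth0 eth1 203.0.113.5 192.168.1.10
```

Run it once without APPLY to read the rules; the DNAT and SNAT pair is what makes the mapping "one-to-one" in both directions, and the FORWARD line is the part that decides which inbound ports are actually reachable. The address check rejects malformed input before it ever reaches eval, which matters once the values come from a config file rather than a fixed script.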

