Hi all, I'm using a Linux firewall with two ethernet interfaces + iptables + masquerading (for Windows clients) + NAT 1:1 (for application servers). My external interface, eth0, has 3 IP addresses (IP aliasing) destined to make 1:1 NAT for 3 internal servers.
When some internet machine connects to one of my internal servers, let's say server1, it will connect to the firewall's external aliased IP (eth0:0 - 200.111.111.111), which will be managed by the following rule:

    $IPTABLES -t nat -A PREROUTING -d 200.111.111.111 -j DNAT --to-destination $SERVER1_INTERNAL_IP

But, when server1 starts a connection to the outside world, it will match the default masquerading rule for all internal machines:

    $IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 200.111.111.110

What perturbs me is: when server1 answers the outside world it will show a source IP of 200.111.111.111. But when server1 starts a connection to the internet, it will use the IP 200.111.111.110 - the IP of the firewall's eth0.

Does it offer any problem? How are you dealing with this case? Don't I need an additional rule such as:

    iptables -t nat -A POSTROUTING -o eth0 -s $SERVER1_INTERNAL_IP -j SNAT --to-source 200.111.111.111

??

Thank you all,

-------------------------------------------------
-- Bruno Negrão
-- Suporte
-- Plugway Acesso Internet Ltda.
-- (31)34812311
-- [EMAIL PROTECTED]

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
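A NAT ruleset for the setup described in the post, added here as an example (it is not the poster's or the list's own code): the per-server SNAT rules are placed before the catch-all SNAT, because in the nat table the first matching rule in a chain wins, so a catch-all appended first would send every server out as 200.111.111.110. The internal addresses 10.0.0.11-13 and the aliases .112/.113 are assumed; the post only gives server1's alias and the firewall's own address. Set IPTABLES=echo to print the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the 1:1 NAT rules so
# that each server's own SNAT rule is evaluated before the catch-all SNAT.
# IPTABLES=echo gives a dry run that only prints the commands.
IPTABLES="${IPTABLES:-iptables}"
EXT_IF="eth0"
FW_IP="200.111.111.110"     # firewall's own eth0 address (from the post)

# public alias : internal server. Internal addresses and the .112/.113
# aliases are assumed values, the post does not give them.
NAT_MAP="200.111.111.111:10.0.0.11
200.111.111.112:10.0.0.12
200.111.111.113:10.0.0.13"

nat_rules() {
    $IPTABLES -t nat -F PREROUTING
    $IPTABLES -t nat -F POSTROUTING
    echo "$NAT_MAP" | while IFS=: read -r pub_ip int_ip; do
        # inbound: connections to the public alias go to the internal server
        $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -d "$pub_ip" \
            -j DNAT --to-destination "$int_ip"
        # outbound: this server leaves with its own alias, not the firewall IP
        $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$int_ip" \
            -j SNAT --to-source "$pub_ip"
    done
    # catch-all for everything else (the Windows clients); must be LAST
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -j SNAT --to-source "$FW_IP"
}

# Ordering check over a rule listing read from stdin (e.g. the dry-run
# output): fails if any 1:1 SNAT rule appears after the catch-all.
check_snat_order() {
    awk -v fw="$FW_IP" '
        /POSTROUTING/ && /SNAT/ {
            if (index($0, "--to-source " fw)) { catchall = NR }
            else if (catchall) { bad = 1 }
        }
        END { exit (bad ? 1 : 0) }'
}
```

Run `IPTABLES=echo sh thisfile.sh` after adding a `nat_rules` call at the bottom to review the rules before loading them; `iptables -t nat -S POSTROUTING | check_snat_order` verifies the live ordering.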
