Hi all,
I'm using a Linux firewall with two Ethernet interfaces + iptables + masquerading (for Windows clients) + 1:1 NAT (for application servers).
My external interface, eth0, has 3 IP addresses (IP aliasing) intended for 1:1 NAT to 3 internal servers.
 
When some Internet machine connects to one of my internal servers, let's say server1, it will connect to the firewall's external aliased IP (eth0:0 - 200.111.111.111), which will be handled by the following rule:
$IPTABLES -t nat -A PREROUTING -d 200.111.111.111 -j DNAT --to-destination $SERVER1_INTERNAL_IP
 
But, when server1 starts a connection to the outside world, it will match the default masquerading rule to all internal machines:
$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 200.111.111.110
 
What perturbs me is: when server1 answers the outside world it will show a source IP of 200.111.111.111. But when server1 starts a connection to the Internet, it will use the IP 200.111.111.110 - the IP of the firewall's eth0.
 
Does it offer any problem? How are you dealing with this case?
Don't I need an additional rule as:
iptables -t nat -A POSTROUTING -o eth0 -s $SERVER1_INTERNAL_IP -j SNAT --to-source 200.111.111.111
??
 
thank you all,
-------------------------------------------------
 -- Bruno Negrão -- Suporte
 -- Plugway Acesso Internet Ltda.
 -- (31)34812311
 -- [EMAIL PROTECTED]
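As an added illustration (not part of the original post), the following model of how the nat POSTROUTING chain is evaluated shows why the per-server SNAT rule only helps when it sits before the catch-all SNAT rule: the chain stops at the first matching SNAT target, so a rule appended after the catch-all is never reached. The internal address 10.0.0.11 is an assumed placeholder for $SERVER1_INTERNAL_IP.

```python
"""Simplified model of iptables nat POSTROUTING first-match semantics (added example)."""
from dataclasses import dataclass
from typing import List, Optional

SERVER1_INTERNAL_IP = "10.0.0.11"  # assumed placeholder, not from the post


@dataclass
class SnatRule:
    """One '-o IFACE [-s SRC] -j SNAT --to-source ADDR' rule."""
    out_iface: Optional[str]  # -o, None means any interface
    src: Optional[str]        # -s, None means any source
    to_source: str            # --to-source

    def matches(self, src_ip: str, out_iface: str) -> bool:
        return ((self.out_iface is None or self.out_iface == out_iface)
                and (self.src is None or self.src == src_ip))


def postrouting_snat(chain: List[SnatRule], src_ip: str, out_iface: str) -> str:
    """Return the source address a new outbound connection leaves with.

    The first rule whose matches succeed applies its SNAT target and ends
    chain traversal; if nothing matches the source address is unchanged.
    """
    for rule in chain:
        if rule.matches(src_ip, out_iface):
            return rule.to_source
    return src_ip


# The catch-all rule from the post and the proposed per-server rule.
CATCH_ALL = SnatRule(out_iface="eth0", src=None, to_source="200.111.111.110")
SERVER1_RULE = SnatRule(out_iface="eth0", src=SERVER1_INTERNAL_IP,
                        to_source="200.111.111.111")


def appended_order() -> List[SnatRule]:
    """'-A' after the catch-all: the server1 rule is shadowed and never fires."""
    return [CATCH_ALL, SERVER1_RULE]


def inserted_order() -> List[SnatRule]:
    """'-I' (or appending the specific rule first): server1 keeps its own IP."""
    return [SERVER1_RULE, CATCH_ALL]


if __name__ == "__main__":
    for name, chain in (("appended", appended_order()), ("inserted", inserted_order())):
        print(name, "server1 ->", postrouting_snat(chain, SERVER1_INTERNAL_IP, "eth0"))
```

Checking the live ruleset with `iptables -t nat -L POSTROUTING -n --line-numbers` shows the actual order the kernel will walk.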
