On Wed, 2002-07-17 at 00.37, [EMAIL PROTECTED] wrote:

> From: Martin A. Brown <[EMAIL PROTECTED]>
> To: Lucky <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: [LARTC] Routing private and non-private ips
> Date: 16 Jul 2002 13:19:19 -0500
> 
> Lucky,
> 
> If I understand correctly what you are trying to do, it is simple static 
> network address translation.  The following commands should give you 
> static NAT.

Well, that sounds quite good :)
I first got an "RTNETLINK answers: Invalid argument", but D'oh, it was the wrong 
shell ;)

> Choose an IP in your /29 and make it the public IP.  Choose an IP in the 
> internal rfc 1918 network and make it the private IP.  Now try the 
> following:
> 
>   ip route add nat pu.bl.ic.ip via pr.iv.at.ip
>   ip rule add nat pu.bl.ic.ip from pr.iv.at.ip prio $PRIO
>   ip route flush cache

A big thank you, this works so far. I thought that I could give a public
IP to one of the NICs in the server here, and it would be routed directly
to it, but this is also very nice.

I think it works partially now.
If I do a traceroute from a pc on the internet, it goes on up to the
router and stops there.
If I ping the NATed IP from the router, I get:

moria2:~# ping x.x.x.42
ping: sendto: Invalid argument
ping: wrote x.x.x.42 64 chars, ret=-1

Ping to the private one just works fine:

moria2:~# ping 192.168.2.206
PING 192.168.2.206 (192.168.2.206): 56 data bytes
64 bytes from 192.168.2.206: icmp_seq=0 ttl=64 time=0.5 ms


Well, something comes to my mind: All of the 192.168.2.0/24 gets
masq'ed to the internet on the router. I think I somehow have to exclude
192.168.2.206 (the pr.iv.at.ip) from the masq'ing, right?
Or is the best solution to put the to-be-NATed server in another subnet
(192.168.4.0/24) for example?


> As for the packet filtering, you'll have to make a second set of rules.
> 
> You'll need to allow the packet from outside to the public IP and you'll 
> need to add a second set of rules to allow the packet from outside to the 
> private IP.
> 
> Good luck,
> 
> -Martin
> 


-- 
Lucky

_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
