On Thu, 2007-06-07 at 17:31 +0200, Moshe Leibovitch wrote:
> read
> http://www.wrtrouters.com/guides/multipleips/

Thanks - after following the very simple IPTables instructions, I managed to get my local machine (that is connected on the private LAN) seen outside as one of the external IPs assigned to me (at least - that's what www.whatismyip.org tells me).

So apparently the routing is working correctly (w/o any effort required on my side), and I just need to get some IPTables magic going.

The way the DD-WRT iptables is set up (and possibly Linksys's default firmware) is that when you set up port forwarding, it sets up these rules:

    iptables -t nat -A PREROUTING -j DNAT -p tcp --dst <external ip> --dport 100 --to 192.168.1.100:100
    iptables -A FORWARD -j ACCEPT -p tcp --dst 192.168.1.100 --dport 100

The second rule is needed because forwarding is blocked by default.

Now the above article instructed me to do:

    iptables -t nat -A PREROUTING -d <static IP1> -j DNAT --to-destination 192.168.1.100
    iptables -t nat -A POSTROUTING -s 192.168.1.100 -j SNAT --to-source <static IP1>

Which got me full mapping for lan->wan, but nothing goes in unless it falls into "established related". To get wan->lan I also need to add:

    iptables -A FORWARD -j ACCEPT -p tcp --dst 192.168.1.100

And that got everything to work - by mapping static IPs to private ones.

Problem is - I don't want to use private DHCP assigned addresses for the computers that should use the static IPs, so now I need to figure out how to set up a VLAN with the static IPs bound to real machines, instead of mapping. Shouldn't be too hard.

Thanks everyone for helping :-)

--
Oded
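
Added example, not part of the original message: the final FORWARD rule in the post has no --dport, so it accepts every TCP port to 192.168.1.100. This POSIX sh script prints the same 1:1 mapping but opens only the ports listed. The function names, the address 203.0.113.10 and ports 22 and 443 are constructed for illustration.

```shell
#!/bin/sh
# Added example: print a 1:1 NAT rule set that forwards only chosen TCP ports.
# 203.0.113.10 and ports 22/443 are constructed sample values.

# valid_ipv4 ADDR: succeeds if ADDR is a dotted quad with octets 0-255.
# Runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# emit_rules EXT_IP LAN_IP PORT...: prints iptables commands, one per line.
# Nothing is printed unless every argument validates.
emit_rules() {
    [ $# -ge 3 ] || { echo "usage: emit_rules EXT_IP LAN_IP PORT..." >&2; return 2; }
    ext=$1; lan=$2; shift 2
    valid_ipv4 "$ext" || { echo "bad external IP: $ext" >&2; return 1; }
    valid_ipv4 "$lan" || { echo "bad LAN IP: $lan" >&2; return 1; }
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $port" >&2; return 1; }
    done
    # Address mapping exactly as in the post (all protocols, both directions).
    echo "iptables -t nat -A PREROUTING -d $ext -j DNAT --to-destination $lan"
    echo "iptables -t nat -A POSTROUTING -s $lan -j SNAT --to-source $ext"
    # DNAT rewrites the destination before the FORWARD chain is consulted,
    # so the filter rules match the private address; one ACCEPT per port.
    for port in "$@"; do
        echo "iptables -A FORWARD -j ACCEPT -p tcp --dst $lan --dport $port"
    done
}

# Print the rules for review before applying them.
emit_rules 203.0.113.10 192.168.1.100 22 443
```
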
