

[EMAIL PROTECTED] wrote:

> I am currently setting up a firewall to replace our old NT-based NAT
> solution.
> 
> My firewall handles 16 Real IPs on the Internet Side (all our spacing
> addresses).
> 
> For incoming traffic, I use portfw to map each incoming IP/port to an
> internal server (192.168.x.y). That works well.
> 
> For users' outgoing traffic, no problem, the masquerading solution works
> great.
> 
> The problem with masquerading is that all the outbound traffic is rewritten
> using the adapter IP. I need to map some internal servers' outgoing traffic to
> specific real IPs (kind of NAT). The rule will depend on internal IP and
> destination port to choose which real IP should be used for sending. I need
> this because the destination system will identify my connection based on the
> IP address - and I can't use only one ...
> 
> Hope it is clear enough. I didn't find a solution to solve this problem.

you need the iproute2 package and you need to turn on policy routing
in your kernel and you need to read the ip command reference. then you
can set up rules to rewrite masqueraded return packets to have the
correct source address. have a look at

    http://www.zip.com.au/~raf2/lib/software/firewall/

for an example of how to do this (look for "alias portforwarding").

raf
