/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */ Hi all, I'm trying to do something rather complicated. We have three large WAN's (more but three for this example). Some of the routes on one of the WAns is not known on the other. My WAN being in the middle knows about both. I want to build a NAT box so we can give users one one LAN addresses that are valid for them to get to, then when they come to the box that has that, they get NAT'ted to a different address where the box really is. Example: I have a host on 192.168.1.2 that the guys on 10.10.1.1 want to access. We can't route them due to their being RFC addresses. Both CAN route to my netowrk 153.157.0.0. I set them up a address 153.157.120.0/24 and made addresses for each host they want to access. I.e. 192.168.1.2 is assigned 153.157.120.3. Now it seems to me I should be able to use ipchains to translate that. That way when 10.10.1.1 accesses 153.157.120.3 they get forwarded to 192.168.1.2. My question is how do I do this with ipchains? I've read the HOWTO until I'm blue in the face and don't get it. Seems there ought to be a rulke in the input chain, maybe a REDIRECT but what do I put in the output or forward chain to send the packets on? Now, this isn't as easy as it appears to be because the NAT box isn't interconnected between the networks - i.e. not a normal configuration. Matter of fact, I only have one NIC in it right now. WHat I did was add additional IP addresses to the eth0 interface by doing: ifconfig eth0:1 157.153.120.3 ifconfig eth0:1 up NOw if you do a ifconfig -a you see the primary address eth0 - 157.153.120.2 and then eth0:1, eth0:2 etc. All of the HOWTO examples seem to assume the NAT box is gonna MASQ all outgound traffic behind ONE IP - this is not what I want to do - I want a one-to one correlation for the hosts. Any help much appreciated. _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
