

Leggett, Jeff wrote:

>       Hi all, I'm trying to do something rather complicated. We have three
> large WANs (more but three for this example). Some of the routes on one of
> the WANs are not known on the other. My WAN being in the middle knows about
> both. I want to build a NAT box so we can give users on one LAN addresses
> that are valid for them to get to, then when they come to the box that has
> that, they get NAT'ted to a different address where the box really is. 
>       
>       Example: I have a host on 192.168.1.2 that the guys on 10.10.1.1
> want to access. We can't route them due to their being RFC addresses. Both
> CAN route to my network 153.157.0.0. I set them up an address
> 153.157.120.0/24 and made addresses for each host they want to access. I.e.
> 192.168.1.2 is assigned 153.157.120.3. Now it seems to me I should be able
> to use ipchains to translate that. That way when 10.10.1.1 accesses
> 153.157.120.3 they get forwarded to 192.168.1.2. My question is how do I do
> this with ipchains? I've read the HOWTO until I'm blue in the face and don't
> get it. Seems there ought to be a rule in the input chain, maybe a REDIRECT
> but what do I put in the output or forward chain to send the packets on?
>       
>       Now, this isn't as easy as it appears to be because the NAT box
> isn't interconnected between the networks - i.e. not a normal configuration.
> Matter of fact, I only have one NIC in it right now.  What I did was add
> additional IP addresses to the eth0 interface by doing:
>       ifconfig eth0:1 157.153.120.3
>       ifconfig eth0:1 up
>       Now if you do an ifconfig -a you see the primary address eth0 -
> 157.153.120.2 and then eth0:1, eth0:2 etc.  All of the HOWTO examples seem
> to assume the NAT box is gonna MASQ all outgoing traffic behind ONE IP -
> this is not what I want to do - I want a one-to-one correlation for the
> hosts. 
> hosts. 
>       Any help much appreciated. 

you're looking in the wrong place. policy routing
and the iproute2 package is what you need. with it,
you can nat individual addresses or entire networks.
you'll have to read the ip command reference. you
can also look at http://www.zip.com.au/~raf2/lib/software/firewall
for an example of how to do it.

raf
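
What the iproute2 approach in the reply could look like for the 153.157.120.3 to 192.168.1.2 mapping from the question, as an added example that is not part of the original message or of the page it links. The function names `valid_ipv4` and `nat_commands` are hypothetical; the script only prints the `ip route add nat` and `ip rule add ... nat` commands for review, and the ip-route man page lists route NAT as no longer supported from Linux 2.6.

```shell
#!/bin/sh
# Added example (not from the thread): print iproute2 stateless 1:1 NAT
# commands for review instead of running them. Function names are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# nat_commands: read "PUBLIC PRIVATE" lines on stdin, print one route/rule pair
# per valid mapping, and return non-zero if any line was rejected.
nat_commands() {
    seen=" "; status=0
    while read -r public private extra; do
        case "$public" in ''|'#'*) continue ;; esac
        if [ -n "$extra" ] || ! valid_ipv4 "$public" || ! valid_ipv4 "$private"; then
            echo "skip: bad mapping '$public $private $extra'" >&2
            status=1; continue
        fi
        # A public address may front only one host in a one-to-one scheme.
        case "$seen" in *" $public "*)
            echo "skip: $public mapped twice" >&2
            status=1; continue ;;
        esac
        seen="$seen$public "
        # Inbound: destination PUBLIC is rewritten to PRIVATE before forwarding.
        echo "ip route add nat $public via $private"
        # Return traffic: source PRIVATE is rewritten back to PUBLIC.
        echo "ip rule add from $private nat $public"
    done
    return $status
}

# Constructed mapping table using the addresses from the question.
nat_commands <<'EOF'
# public         private
153.157.120.3    192.168.1.2
EOF
```
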

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
