Warren Cundy wrote:
> Hello,
>
> Maybe I shouldn't be using ipchains, but I want to NAT a few separate
> internal machines to different external addresses.

ipchains and ipmasqadm work together. in fact, you need
ipchains (to turn on masquerading) before you can do any
port forwarding.

> Is there some way of combining 1:1 NAT with 1:M NAT? Or just forwarding
> different ports (for different services) from the same external IP?

yes. it can be done but there are problems. if you just try
to port forward multiple external ip addresses onto multiple
internal ip addresses, it works but the outgoing reply
packets will all have the same source address (that of the
default route out of your network). the solution to this is
to fwmark the reply packets on their way in to the firewall
host and use iproute2 to rewrite the source addresses of the
fwmarked packets. my script at http://fwup.org/ does it or
at least claims to. i haven't been able to test the final
code there (because i don't have access to multiple public
ip addresses) and i'm pretty sure it doesn't work as is but
i know it's not far off (i've had it working in the past
when i did have brief access to multiple ip addresses). if
you want to give it a try, we can get it working. but i'd
recommend switching to linux-2.4 (when you consider it
sufficiently stable for your uses) because it can be done
much more easily with iptables.

raf
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
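
The linux-2.4 iptables route recommended in the reply above, as an added example that is not part of the original message and is not the fwup.org script: a generator that prints NAT rules combining 1:1 NAT, per-port forwarding from one external IP, and 1:M masquerading. The addresses, the eth0 interface name and the MAP format are constructed assumptions; with iptables, connection tracking puts the external address back on replies to forwarded connections, so no fwmark step is involved.

```shell
#!/bin/sh
# Added example: emits (does not run) iptables NAT rules for linux-2.4+.
# All addresses and the interface name are constructed placeholders.
EXT_IF="${EXT_IF:-eth0}"          # assumed external interface
LAN="${LAN:-192.168.1.0/24}"      # assumed internal network

# Constructed mapping: external-ip internal-ip [proto port]
# Two fields = full 1:1 NAT; four fields = forward one service only.
MAP='203.0.113.10 192.168.1.10
203.0.113.11 192.168.1.11
203.0.113.12 192.168.1.20 tcp 80
203.0.113.12 192.168.1.21 tcp 25'

nat_rules() {
    # Reads mapping lines on stdin, prints one iptables command per rule.
    while read -r ext int proto port; do
        case "$ext" in ''|'#'*) continue ;; esac
        if [ -n "$proto" ]; then
            # Port forward: one external IP can front several hosts.
            echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $ext -p $proto --dport $port -j DNAT --to-destination $int:$port"
        else
            # 1:1 inbound: everything addressed to ext goes to int.
            echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $ext -j DNAT --to-destination $int"
            # 1:1 outbound: connections started by int leave with its own
            # external address, not the default-route address.
            echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $int -j SNAT --to-source $ext"
        fi
    done
    # 1:M for every other LAN host. Appended last so the per-host SNAT
    # rules above are matched first.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN -j MASQUERADE"
}

# Print the rules for review; pipe the output to "sh" as root to apply.
if [ "${1:-}" = "--print" ]; then printf '%s\n' "$MAP" | nat_rules; fi
```

The external addresses must also be configured on the firewall's external interface (or otherwise routed to it) for the DNAT rules to see any traffic.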