/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
First off, you could use ip_tables in linux 2.4 which makes forwarding ip
address to ip address a lot easier. I've found that doing port forwards seems
to work a lot better in linux 2.2 using ip_chains. So you'll need to
forward each port that you need to use on the second server.
As for the proper source ip address, for incoming ip connections that are
forwarded (for example 206.215.12.3 port 80 to 192.168.185.3 port 80) it
_seems_ that ipchains handles this correctly, making sure the reply packet
has the 206.214.12.3 source address (on the returning data) instead of the
default route.
BUT, if you are talking about outgoing connections that are started on your
internal network, they will have the source ip of the "nat'd" ip address.
So, if you need _all_ traffic to and from 192.168.185.3 to go out a
different "nat" ip address, you need to look at iptables, or create a
strange multi-net and have your "server" on a different class C than the rest
of your workstations, and use routing to route the packets out a different
direction.
-----Original Message-----
From: raf [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 22, 2001 1:55 AM
To: [EMAIL PROTECTED]
Subject: Re: [Masq] How to 1:1 NAT ??
Solomon Riviera wrote:
> Hello,
>
> I would like to perform 1:1 NAT in the following scenario:
> I have a firewall which has a network card connected to the internet with
> two valid internet addresses, one is the main address (204.15.12.44) and the
> other one is an ipalias (204.15.12.45) for the network card. I also have a
> server in the intranet zone (192.168.0.130), I want to access this server
> from the outside (internet), so I need two things:
> 1) I need All traffic coming from the internet to the ipalias
> (204.15.12.45) to be routed to the 192.168.0.130 server.
> 2) I also need All traffic from the 192.168.0.130 to the internet to be
> masqued with the ipalias (204.15.12.45) address.
> How to do this with IPChains??
> The main address on the firewall is already masquing the rest of the
> intranet servers.
>
> Thank you.
> Solomon Riviera
have a look at http://fwup.org/ and try the alias
portforwarding mode that it attempts to provide.
i had it working in the past but i've never tested
the final version. i've received negative reports
about it but without enough information to get it
working so i don't know if it's my fault or theirs.
if it doesn't work, let me know and maybe i can fix
it with your help.
the only real problem with this is making sure that
the outgoing reply packets get the right source
address (that of the alias). by default, it'll
get the address of the default route's interface,
not the address of the alias. this can be done
by using the iproute2 package to do some fwmark nat.
raf
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
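
The iptables route mentioned in the first reply, applied to the addresses in the original question, as an added example that is not part of the thread. The interface name `eth0` and the function names `valid_ipv4` and `nat_1to1_rules` are assumptions; the script prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread): emit iptables rules for 1:1 NAT.
# Assumption: eth0 is the Internet-facing interface. Rules are printed,
# not applied, so they can be reviewed and then run as root.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_1to1_rules PUBLIC PRIVATE [EXT_IF]: print the rule set on stdout.
nat_1to1_rules() {
    pub=$1; priv=$2; ext_if=${3:-eth0}
    valid_ipv4 "$pub" && valid_ipv4 "$priv" || {
        echo "nat_1to1_rules: bad address" >&2; return 1; }
    # Inbound: anything addressed to the alias goes to the internal server.
    echo "iptables -t nat -A PREROUTING -i $ext_if -d $pub -j DNAT --to-destination $priv"
    # Outbound: -I ... 1 places this ahead of the general MASQUERADE rule,
    # which would otherwise rewrite the server's traffic to the main address.
    echo "iptables -t nat -I POSTROUTING 1 -o $ext_if -s $priv -j SNAT --to-source $pub"
    # Needed when the FORWARD policy is DROP. FORWARD runs after DNAT, so
    # it matches on the private address, not the alias.
    echo "iptables -A FORWARD -i $ext_if -d $priv -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -o $ext_if -s $priv -j ACCEPT"
}

# Addresses taken from the original question in the thread.
nat_1to1_rules 204.15.12.45 192.168.0.130 eth0
```

The alias 204.15.12.45 must already be configured on the external interface so the firewall answers ARP for it.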