/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
On Mon, 1 Jul 2002 15:34:32 +0100
"Moore, Paul" <[EMAIL PROTECTED]> wrote:
> From: Moore, Paul
> > I'm trying to decide if IP Masquerading is what I'm looking
> > for, to solve a particular problem. I've looked through the
> > HOWTO, and the IPMasq site, and I haven't found the answer,
> > so I thought I'd be best trying the list. I apologise in
> > advance if I've missed an existing answer to my question - I
> > did try, but I'm not a network expert, so I may have missed
> > something obvious.
>
> Hmm, I've just seen FAQ 26 in the HOWTO ("Can IP Masquerade work with
> only ONE Ethernet network card?"). My server only has one network card
> (essentially, as it is only connected to one network, it's just that it
> has privileges that other machines on that network don't have). SO I
> guess that answers my question, IP Masquerade isn't really what I'm
> after.
Actually, it is what you are looking for. You're just looking to use it
differently than how the HOWTO assumes. If I understand what your're
after, you are looking to make sure that all connections to a client
network are show as originating from the same IP address even though they
are in fact coming from a variety of IP addresses, this is most certainly
NAT.
Here are the basics of what you would need to do. Make sure that the
system you are going to use as the gateway to the client's network/system,
lets call this machine CG (client gateway) can indeed connect to the
client's network/system. Arrange for all desired internal machines to
have a route(s) added that list the CG as their gateway to the clients
network. Then on the CG system, configure iptables (or ipchains) to
NAT/MASQ all traffic from the internal machines to the client network.
The above should work regardless of whether or not you have one NIC,
provided that the CG system has the appropriate routing information to
reach the client's network/system. It will simply be rewriting the source
portion of the IP packets with it's own IP address and sending the packets
back out the same interface.
If you need assistance in configuring things, I'd be happy to help.
--
Jamin W. Collins
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
