On Thursday 04 April 2002 6:13 pm, Max Inglis wrote:

> #forward external address to internal address
> /sbin/iptables -t nat -A PREROUTING -i $INET_INTERFACE -d $HUB_EX -j DNAT --to $HUB_INT
> /sbin/iptables -t nat -A POSTROUTING -o $INET_INTERFACE -s $HUB_INT -j SNAT --to $HUB_EX

> This obviously isn't working since I am posting to this list. Am I
> missing something? Is there something (non-iptables) that I need to do to
> make a NAT translation like this work?

Yes - I think you are missing the proxy ARP on the external interface for
your $HUB_EX address.

Basically you have an external port on your firewall, which has its own IP
address (and will respond to ARP requests for that IP). Your rules are
telling the firewall to translate a different external address to an internal
one (which is perfectly reasonable); however, unless the physical interface
actually gets that second external IP address attached to it, it is never
going to receive the packets you want to translate.

I still use the old way of doing this, which is:

ifconfig eth0 192.168.1.1
ifconfig eth0:1 192.168.1.4

where 192.168.1.1 is my "real" address for that interface, and 192.168.1.4 is
the second one I want it to respond to. No doubt other people on this list will
tell you the newer way of doing this, which uses the ip command.

Anyway, I think if you use one of those to get the $HUB_EX address attached 
to your external interface, it'll start doing what you want :-)



Antony.
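
The check described in the reply above, as an added example that is not part of the original message: it parses `ip -o -4 addr show dev IFACE` output, tests by exact match whether the external NAT address is bound, and prints the `ip addr add` command plus the two NAT rules for review. The function names, the /24 prefix, the sample output and all addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Addresses are constructed
# placeholders; the /24 prefix length is an assumption.

# has_addr ADDR
# Reads `ip -o -4 addr show dev IFACE` output on stdin and returns 0 only if
# ADDR is bound. Exact match on the address, so 192.0.2.4 does not match
# 192.0.2.44 the way a plain substring grep would.
has_addr() {
    awk -v want="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") {
                  split($(i + 1), a, "/")   # drop the /prefix part
                  if (a[1] == want) found = 1
              } }
        END { exit !found }'
}

# plan_nat IFACE EXT PREFIX INT
# Reads the current address list on stdin and prints the commands needed for
# the 1:1 NAT from the thread. The `ip addr add` line is emitted only when
# EXT is not yet bound, because without it the firewall never answers ARP
# for EXT and the PREROUTING rule never sees a packet.
plan_nat() {
    iface=$1; ext=$2; prefix=$3; int=$4
    if ! has_addr "$ext"; then
        echo "ip addr add $ext/$prefix dev $iface"
    fi
    echo "iptables -t nat -A PREROUTING -i $iface -d $ext -j DNAT --to-destination $int"
    echo "iptables -t nat -A POSTROUTING -o $iface -s $int -j SNAT --to-source $ext"
}

# Constructed sample of `ip -o -4 addr show dev eth0` output.
SAMPLE='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
2: eth0    inet 192.0.2.44/24 scope global secondary eth0'

# Dry run: 192.0.2.4 is not bound in SAMPLE, so three commands are printed.
printf '%s\n' "$SAMPLE" | plan_nat eth0 192.0.2.4 24 10.0.0.4
```

On a live firewall, feed it `ip -o -4 addr show dev "$INET_INTERFACE"` instead of the sample and review the printed commands before running them as root.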
