On Thu, Apr 04, 2002 at 06:24:21PM +0100, Antony Stone wrote:
> On Thursday 04 April 2002 6:13 pm, Max Inglis wrote:
>
> > #forward external address to internal address
> > /sbin/iptables -t nat -A PREROUTING -i $INET_INTERFACE -d $HUB_EX -j DNAT --to $HUB_INT
> > /sbin/iptables -t nat -A POSTROUTING -o $INET_INTERFACE -s $HUB_INT -j SNAT --to $HUB_EX
>
> > This obviously isn't working since I am posting to this list. Am I
> > missing something? Is there something (non-iptables) that I need to do to
> > make a Nat translation like this work?
>
> Yes - I think you are missing the proxy arp on the external interface for
> your $HUB_EX address.
>
> Basically you have an external port on your firewall, which has its own IP
> address (and will respond to arp requests for that IP). Your rules are
> telling the Firewall to translate a different external address to an internal
> one (which is perfectly reasonable), however unless the physical interface
> actually gets that second external IP address attached to it, it is never
> going to receive the packets you want to translate.
>
> I still use the old way of doing this, which is:
>
> ifconfig eth0 192.168.1.1
> ifconfig eth0:1 192.168.1.4
>
> where 192.168.1.1 is my "real" address for that interface, and 192.168.1.4 is
> the second one I want it to respond to. No doubt other people on this will
> tell you the newer way of doing this, which uses the ip command.

ip addr add 192.168.1.1/24 dev eth0
ip addr add 192.168.1.4/24 dev eth0

To delete, one single 'del' removes them both because they're in the same subnet:

ip addr del 192.168.1.1/24 dev eth0

Ramin

> Anyway, I think if you use one of those to get the $HUB_EX address attached
> to your external interface, it'll start doing what you want :-)
>
> Antony.
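The condition discussed in this thread (a DNAT rule only sees traffic if its external address is actually attached to the interface) can be checked mechanically. The script below is an added example, not part of the original messages; the function names, the sample addresses and the 10.0.0.x internal hosts are constructed for illustration.

```shell
#!/bin/sh
# Report DNAT rules whose original destination (-d) is not bound to the
# given interface, so the firewall never answers ARP for that address.

# Constructed sample of `ip -o -4 addr show` output.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
2: eth0    inet 192.168.1.4/24 brd 192.168.1.255 scope global secondary eth0'

# Constructed sample of PREROUTING rules as printed by `iptables-save -t nat`.
SAMPLE_RULES='-A PREROUTING -d 192.168.1.4/32 -i eth0 -j DNAT --to-destination 10.0.0.4
-A PREROUTING -d 192.168.1.9/32 -i eth0 -j DNAT --to-destination 10.0.0.9'

# bound_addrs IFACE: read `ip -o -4 addr show` text on stdin and print one
# IPv4 address per line (prefix length stripped) for that interface.
bound_addrs() {
    awk -v ifc="$1" '$2 == ifc && $3 == "inet" { sub(/\/.*/, "", $4); print $4 }'
}

# unbound_dnat IFACE ADDR_TEXT RULE_TEXT: print the -d address of every DNAT
# rule arriving on IFACE that is missing from the interface's address list.
unbound_dnat() {
    addrs=$(printf '%s\n' "$2" | bound_addrs "$1" | tr '\n' ' ')
    printf '%s\n' "$3" | awk -v ifc="$1" -v have="$addrs" '
        BEGIN { n = split(have, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        / -j DNAT / {
            dst = ""; in_if = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-i") in_if = $(i + 1)
            }
            sub(/\/32$/, "", dst)   # iptables-save prints host addresses as /32
            if (in_if == ifc && dst != "" && !(dst in ok)) print dst
        }'
}

# On a live firewall (assumed usage):
#   unbound_dnat eth0 "$(ip -o -4 addr show)" "$(iptables-save -t nat)"
unbound_dnat eth0 "$SAMPLE_ADDRS" "$SAMPLE_RULES"
```

An address that reaches the firewall by proxy ARP or by an upstream route, rather than by being attached to the interface, is also reported, so treat a hit as a prompt to check how that address is delivered.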
