Cheers Raymond,

Can you comment on or compare your suggestion to a proxy arp method? I know nothing about proxy arp!!!

Tom

At 10:56 08/04/2002 +0200, Raymond Leach wrote:
>OK.
>
>To get DNAT to work this is what I had to do:
>
>1. Set up the iptables filter rules to allow and redirect traffic to the
>machines (INPUT, FORWARD, OUTPUT, POSTROUTING)
>2. Then I had to set up ip aliases on the firewall (with the internet
>addresses of the DNATed machines) to 'accept' the traffic for the DNATed
>machines. The alternative is proxy-arp.
>
>That's it ...
>
>Ray
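
Added example, not part of the original messages: a dry-run sketch of the two steps listed in the quoted message, with the proxy-arp alternative beside the ip alias. Interface names, addresses, the port and the function names are constructed assumptions, and the DNAT rule is placed in the nat table's PREROUTING chain; the script only prints commands and applies nothing.

```shell
#!/bin/sh
# Dry run: prints the commands for review, changes nothing on the host.
# All values below are constructed (documentation address ranges).
PUB_IF="eth0"           # Internet-facing interface (assumed)
DMZ_IF="eth1"           # interface toward the DNATed machine (assumed)
PUB_IP="203.0.113.10"   # Internet address of the DNATed machine
PRIV_IP="192.168.1.10"  # real address of the DNATed machine
PORT="80"               # the only service exposed

# Step 1: redirect and allow the traffic.
dnat_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A PREROUTING -i $PUB_IF -d $PUB_IP -p tcp --dport $PORT -j DNAT --to-destination $PRIV_IP:$PORT"
    # After DNAT the packet carries the private destination, so FORWARD
    # matches on PRIV_IP. Only the exposed port is allowed in.
    echo "iptables -A FORWARD -i $PUB_IF -o $DMZ_IF -d $PRIV_IP -p tcp --dport $PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $DMZ_IF -o $PUB_IF -s $PRIV_IP -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Step 2: make the firewall receive frames addressed to PUB_IP.
#   alias    - the firewall owns PUB_IP; traffic to it that is not DNATed
#              is delivered locally and is judged by the INPUT chain.
#   proxyarp - the firewall only answers ARP for PUB_IP; traffic that is
#              not DNATed is routed and is judged by the FORWARD chain.
accept_traffic() {
    case "$1" in
        alias)    echo "ip addr add $PUB_IP/32 dev $PUB_IF" ;;
        proxyarp) echo "ip neigh add proxy $PUB_IP dev $PUB_IF" ;;
        *)        echo "usage: alias|proxyarp" >&2; return 2 ;;
    esac
}

# Full plan for one variant; rejects an unknown variant before printing.
plan() {
    step2=$(accept_traffic "$1") || return 2
    dnat_rules
    echo "$step2"
}

for variant in alias proxyarp; do
    echo "# --- variant: $variant ---"
    plan "$variant"
done
```

With either variant the DNAT rule is the same; the difference is which chain sees packets for the public address on ports that are not redirected, so the INPUT policy matters more with the alias.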
