In fact I believe that's the only way you're going to get it done with iptables,
and also by using some tricky Established,Related rules for the SNAT back out to the internet, and maybe also set the TIME_WAIT limit and the LAST_ACK to a minimal amount .. :D

>My solution was to bind the public IPs for the internal machine on the
>respective interfaces on the firewall. Therefore the firewall will reply to
>arp requests from routers. eg.
>ifconfig eth1:0 62.2.159.14 netmask 255.255.255.192 <-- replace the netmask with your own.
>ifconfig eth2:0 194.38.85.209 netmask 255.255.255.0
>
>Hope this helps
>
>Ray

That was some good advice Ray .. :-D
