[Wylug-help] IP Forwarding with IP tables

James Holden wylug at jamesholden.net
Thu Oct 13 18:42:08 BST 2005


Gary Stainburn wrote:
> Hi folks.
> 
> probably a FAQ but I'm struggling.
> I have an internet connection linked to eth1 and a LAN connected to eth0
> 
> I want to set up simple 1-to-1 NATing thus:
> 
> x.y.z.141   == 10.1.1.141
> x.y.z.142   == 10.1.1.142
> x.y.z.143   == 10.1.1.143
> 
> so that incoming traffic to .141 goes to the right place.  This bit I've
> sorted, but the problem I've got is how do I get the outgoing to appear
> to come from the correct IP address and not the normal IP address of
> eth1

I'm not quite sure what you want to do.

If eth1 is an internet connection, has your provider assigned you the
x.y.z.142 and x.y.z.143 addresses? If they haven't, you can't do this.

If they have, don't forget that whatever routes packets *to* eth1 will
need to know that packets for the x.y.z.n addresses should be routed to
the primary public address on eth1.

If you're trying to NAT to many machines on the inside, and those
machines need to run the same services, then you'll need to NAT the
destination port too. For instance:

x.y.z.141 port 2022 == 10.1.1.141 port 22
x.y.z.141 port 3022 == 10.1.1.142 port 22

This is what you would do if you wanted to SSH to two different machines
inside the firewall.



james

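The two setups discussed in this thread, written out as an added example (not part of either poster's message): a dry-run script that prints the iptables rules for the 1-to-1 mappings in the question, including the SNAT rule for outgoing traffic, and for the port mappings in the reply. The function names are hypothetical, 203.0.113 is a constructed placeholder for the elided x.y.z prefix, and the use of the conntrack match for filtering is an assumption.

```shell
#!/bin/sh
# Dry run: prints iptables commands for review, executes nothing.
WAN_IF=eth1; LAN_IF=eth0
PUB_PREFIX=203.0.113   # constructed placeholder (documentation range) for the page's x.y.z
LAN_PREFIX=10.1.1

# Accept only decimal numbers in [1, max] so nothing else reaches a rule line.
valid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le "$2" ]
}

# one_to_one OCTET: map PUB_PREFIX.OCTET <-> LAN_PREFIX.OCTET in both directions.
one_to_one() {
    valid "$1" 254 || return 1
    pub="$PUB_PREFIX.$1"; lan="$LAN_PREFIX.$1"
    # Inbound: rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $lan"
    # Outbound: rewrite the source so the host leaves as its own public address,
    # not the primary address of the WAN interface.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $lan -j SNAT --to-source $pub"
}

# port_forward PUB_OCTET PUB_PORT LAN_OCTET LAN_PORT: one public address, many hosts.
port_forward() {
    valid "$1" 254 && valid "$2" 65535 && valid "$3" 254 && valid "$4" 65535 || return 1
    pub="$PUB_PREFIX.$1"; lan="$LAN_PREFIX.$3"
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p tcp --dport $2 -j DNAT --to-destination $lan:$4"
    # FORWARD runs after DNAT, so the filter matches the internal address and port.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $lan -p tcp --dport $4 -m conntrack --ctstate NEW -j ACCEPT"
}

# The three 1-to-1 mappings from the question.
ruleset_one_to_one() {
    for octet in 141 142 143; do one_to_one "$octet" || return 1; done
}

# The two SSH mappings from the reply, with replies allowed and other inbound dropped.
ruleset_port_forward() {
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    port_forward 141 2022 141 22 && port_forward 141 3022 142 22 || return 1
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -j DROP"
}

ruleset_one_to_one
ruleset_port_forward
```

The two rule sets are alternatives for .141: a blanket DNAT for that address placed earlier in PREROUTING would match before the per-port rules and shadow them.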


