Re: [Nolug] networking question

From: Scott Harney <scotth_at_scottharney.com>
Date: Fri, 06 Aug 2004 14:42:05 -0500
Message-ID: <4113DF0D.5050705@scottharney.com>

Friedrich Gurtler wrote:
> Stupid question, but if you are going to forward all the ports, why not
> just put it on the other side of your linux box?
>
> ISP--------- Linux box
> | -------other box

Agreed. Make it look like this:

ISP---->Switch
         | |
Linux box NAT router----local LAN

If you want to do one-to-one NAT mapping, add the alias to your firewall
(as you mentioned) and do something like this:

iptables -t nat -A PREROUTING -d $REALADDRESS -j DNAT --to $INTERNALIP
iptables -t nat -A POSTROUTING -s $INTERNALIP -j SNAT --to $REALADDRESS

The first line will repoint the incoming packets to the actual address
used by the interface. The second will make the leaving packets appear
to have come from the real IP address.

>
> Is that what you are ruling out when you say the existing nat has to
> stay in place? What's the reasoning behind it? (Just curious)
>
>
> Joey Kelly wrote:
>
>> I have the following scenario, and don't know exactly how to make it
>> work:
>>
>> My client has 5 or so IP addresses from their provider. I have a Linux
>> box sitting on one of the IPs, and I'm doing NAT for the office LAN
>> behind it. I also have a server that I need to open up completely to
>> the net, such that all traffic to a certain IP gets forwarded to the
>> server (I know, I know, but humor me). The existing NAT has to stay in
>> place.
>>
>> I'm using iptables to do the NAT. I suppose that can also forward all
>> ports for the second IP to the internal server, or perhaps a utility
>> like rinetd could do it. Either way, I know that I have to place the
>> second public IP on my external NIC (this part I can do).
>>
>> So... what do I do next?
>>
>> Thanks.
>>
>>

-- 
Scott Harney <scotth@scottharney.com>
"Asking the wrong questions is the leading cause of wrong answers"
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
___________________
Nolug mailing list
nolug@nolug.org
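As an added example (not part of Scott's reply or anything else in this thread), here is the same one-to-one mapping as a small POSIX shell function that also does the alias step, pins the NAT rules to the external interface, and puts an explicit FORWARD allow-list in front of the server instead of forwarding everything. The interface, addresses and port list are placeholders, and IPTABLES/IP are assumed override variables so the rules can be previewed with echo before being applied.

```shell
#!/bin/sh
# Added example: one-to-one NAT for a second public IP on the Linux firewall.
# Placeholders: ext_if, real (public IP), internal (server IP), allowed_tcp (ports).
# Set IPTABLES=echo IP=echo to print the rules instead of applying them.
one_to_one_nat() {
    ext_if=$1 real=$2 internal=$3 allowed_tcp=$4
    ipt=${IPTABLES:-iptables}
    ip=${IP:-ip}

    # 1. Put the second public address on the external NIC (the alias step).
    "$ip" addr add "$real/32" dev "$ext_if"

    # 2. Inbound: rewrite the destination from the public IP to the server.
    #    -i restricts this to packets arriving on the external interface.
    "$ipt" -t nat -A PREROUTING -i "$ext_if" -d "$real" -j DNAT --to-destination "$internal"

    # 3. Outbound: traffic from the server leaves with the public IP.
    #    Inserted first so a general MASQUERADE/SNAT rule does not catch it,
    #    and -o keeps LAN-bound traffic from the server untouched.
    "$ipt" -t nat -I POSTROUTING 1 -s "$internal" -o "$ext_if" -j SNAT --to-source "$real"

    # 4. The nat table only rewrites addresses; FORWARD decides what passes.
    #    Allow the server out, allow replies back in, allow listed TCP ports,
    #    and drop everything else aimed at it from the outside.
    "$ipt" -A FORWARD -s "$internal" -o "$ext_if" -j ACCEPT
    "$ipt" -A FORWARD -d "$internal" -i "$ext_if" -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $allowed_tcp; do
        "$ipt" -A FORWARD -i "$ext_if" -d "$internal" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    "$ipt" -A FORWARD -i "$ext_if" -d "$internal" -j DROP
}

# Preview with constructed values (remove the IPTABLES/IP overrides to apply).
IPTABLES=echo IP=echo one_to_one_nat eth0 203.0.113.10 192.168.1.10 "22 443"
```

The FORWARD rules must sit ahead of any existing catch-all DROP or REJECT in that chain, so on a firewall that already has one use -I with a position rather than -A.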
Received on 08/06/04

This archive was generated by hypermail 2.2.0 : 12/19/08 EST