Lucky,

If I understand correctly what you are trying to do, it is simple static network address translation.

The following commands should give you static NAT. Choose an IP in your /29 and make it the public IP. Choose an IP in the internal RFC 1918 network and make it the private IP. Now try the following:

  ip route add nat pu.bl.ic.ip via pr.iv.at.ip
  ip rule add nat pu.bl.ic.ip from pr.iv.at.ip prio $PRIO
  ip route flush cache

As for the packet filtering, you'll have to make a second set of rules. You'll need to allow the packet from outside to the public IP and you'll need to add a second set of rules to allow the packet from outside to the private IP.

Good luck,

-Martin

On Mon, 15 Jul 2002, Lucky wrote:

 : Hi folks!
 :
 : I have a little problem here, probably not related to LAR and surely not to
 : TC, but I don't know somebody else to ask.
 :
 : The scenario is as follows:
 :
 : Router R has two connections to the internet (ippp3, static IP-Address with
 : and a /29er network N1 routed to, and ppp0, dynamic IP-Address), one to the
 : local network N2 (eth0).
 : Currently, R does the following:
 :
 : - masquerades all connections from N2 to the Internet
 : - policy-routes packets originating from connections from ippp3 back to ippp3
 : - firewalls
 :
 : Now I'd like to give a Host H1 in N2 a local, private IP-Address _and_ a
 : public, non-private IP-Address from our /29-net.
 :
 : How would I do the routing?
 : I tried routing the /29-net through eth0, which lets me ping R to H1, but not
 : vice-versa. The routing from the internet to H1 and vice-versa also didn't
 : work.
 : I allowed nearly everything to and from the /29-net in all of the input,
 : forward and output-chains (I'm currently using Linux 2.2.20).
 :
 : Any help would be really appreciated.
 :
 : Please Cc me on answers, cause I'm getting the list only in digest-mode.
 :
 :

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
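
The following is an added example, not part of either message: a POSIX shell helper that checks a public/private pair (public address inside the routed /29, private address inside RFC 1918) and then prints, without running, the three commands from the reply. The function names, the 203.0.113.8/29 network, 192.168.1.10 and priority 100 are constructed sample values; the packet filter rules are not covered.

```shell
#!/bin/sh
# Added example: validate a static NAT pair before emitting the commands.
# All addresses are constructed sample values (documentation ranges).

# Dotted quad -> integer; fails on malformed input or leading zeros.
ip2int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True if address $1 lies inside network $2 (assumed well-formed a.b.c.d/len).
in_cidr() {
    addr=$(ip2int "$1") || return 1
    net=$(ip2int "${2%/*}") || return 1
    len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# True if $1 is in one of the three RFC 1918 private ranges.
is_rfc1918() {
    in_cidr "$1" 10.0.0.0/8 || in_cidr "$1" 172.16.0.0/12 ||
        in_cidr "$1" 192.168.0.0/16
}

# Usage: static_nat_cmds PUBLIC PRIVATE PUBLIC_NET PRIO
# Prints the commands only; review them, then run them as root on the router.
static_nat_cmds() {
    in_cidr "$1" "$3" || { echo "public IP $1 is not in $3" >&2; return 1; }
    is_rfc1918 "$2" || { echo "private IP $2 is not RFC 1918" >&2; return 1; }
    if is_rfc1918 "$1"; then echo "public IP $1 is RFC 1918" >&2; return 1; fi
    echo "ip route add nat $1 via $2"
    echo "ip rule add nat $1 from $2 prio $4"
    echo "ip route flush cache"
}

# Constructed sample pair: prints the three commands for review.
static_nat_cmds 203.0.113.10 192.168.1.10 203.0.113.8/29 100
```

A swapped or mistyped pair is rejected with a message on stderr and a non-zero status, so nothing is printed that could be pasted into the router by mistake.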