*VERY* easy. No routing rules involved, just IPTABLES:

For your workstation (192.168.0.5 being your workstation's static IP):

  # iptables -t nat -A POSTROUTING -s 192.168.0.5 -o eth0 -j SNAT --to PUBLIC_IP_1

Then, for everyone else:

  # iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to PUBLIC_IP_2

-Ken

-----Original Message-----
From: Justin Richer [mailto:ru2def@whoever.com]
Sent: Monday, October 28, 2002 11:28 AM
To: lartc@mailman.ds9a.nl
Subject: 2-NIC DMZ?

Hi all,

I have two static IPs from my ISP. I would like one of these IPs to be directed to my desktop box all the time, and the other to be directed to a DHCP-served NAT network. I've nearly gotten it working using iptables and iproute2, but one problem is that I would like packets coming from my desktop box via the firewall to be printed with my desktop's external IP. They are currently being seen as from the NAT-hosted IP, which is the main IP address of the firewall box's external NIC. My setup looks like this:

DSL Bridge -> [eth0] Firewall [eth1] -> 8-port-switch -> static desktop
                                                      \-> (NAT cloud)

Is it possible to send packets from the firewall looking like they came from a different external IP address based on which internal IP they were routed from? It seems to me it really should be possible to do ... just, how?

Thanks,
-- Justin

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
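
An added example, not part of the original thread: a small Python model of first-match evaluation in the nat POSTROUTING chain, showing why the workstation rule has to be appended before the catch-all rule. The two public addresses (RFC 5737 documentation range) and the NAT client 192.168.0.23 are constructed placeholders, and the function and variable names are made up for the illustration.

```python
"""First-match model of nat POSTROUTING for the two SNAT rules in the reply."""
import ipaddress
from typing import NamedTuple, Optional


class SnatRule(NamedTuple):
    source: Optional[str]  # value of -s (address or CIDR); None means any source
    out_iface: str         # value of -o
    to_source: str         # value of --to


# Constructed stand-ins for PUBLIC_IP_1 and PUBLIC_IP_2 (assumption, RFC 5737).
PUBLIC_IP_1 = "203.0.113.10"
PUBLIC_IP_2 = "203.0.113.11"

# Order given in the reply: specific workstation rule first, catch-all second.
CORRECT = [
    SnatRule("192.168.0.5", "eth0", PUBLIC_IP_1),
    SnatRule(None, "eth0", PUBLIC_IP_2),
]
# The same two rules appended in the opposite order.
REVERSED = list(reversed(CORRECT))


def rule_matches(rule: SnatRule, src: str, out_iface: str) -> bool:
    """True when the packet's source and outgoing interface satisfy the rule."""
    if rule.out_iface != out_iface:
        return False
    if rule.source is None:
        return True
    net = ipaddress.ip_network(rule.source, strict=False)
    return ipaddress.ip_address(src) in net


def translated_source(rules, src: str, out_iface: str) -> str:
    """Source address a new connection leaves with.

    SNAT is a terminating target: the first matching rule decides and later
    rules are not consulted. With no match the address is left unchanged.
    """
    for rule in rules:
        if rule_matches(rule, src, out_iface):
            return rule.to_source
    return src


if __name__ == "__main__":
    for name, rules in (("correct", CORRECT), ("reversed", REVERSED)):
        for src in ("192.168.0.5", "192.168.0.23"):
            print(f"{name:8} {src:13} -> {translated_source(rules, src, 'eth0')}")
```

With the rules reversed, the workstation leaves as PUBLIC_IP_2, which is the symptom described in the original question.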