Spyros Dimas wrote: > > Hello and Happy New Year! > We have a LAN with 2 interfaces. One is configured with addresses > 192.168.0.x (pseudo-addresses) and other one with real addresses, so we > use ip-masquerade. But we would like one of workstation witch has a > address 192.168.0.5 to have a real address, such us 194.219.85.4, on the > > first interface or on the second. Could you tell us how we can do it. Or > if you have > another idea. Thanks. This is really an issue for your firewall/masquerade software. If you are masquerading using Linux and either ipchains (2.2.x) or iptables (2.4.x) it's easy. In either case, your firewall/masquerade server needs to have 194.219.85.4 aliased on the external interface, then: 2.2.x: get ipmasqadm and set up a portforward from the masq server to the workstation. Assuming you want to forward only port 80, the following will work: ipmasqadm portfw -a -P tcp -L 194.219.85.4 80 -R 192.168.0.5 80 better: 2.4.x: use iptables and runthe following: iptables -t nat -A PREROUTING -d 194.219.85.4 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.5:80 With iptables you can easily omit the port stuff so everything passes (just like the workstation is on the Internet) or qualify your matches with -m multiport and select several individual ports or a range (or ranges) of ports. Ciao, David A. Bandel -- Focus on the dream, not the competition. -- Nemesis Racing Team motto *** sent via a Linux 2.4.0-test12 system ***
