Re: [LARTC] routing

Linux Advanced Routing and Traffic Control


 



You could do it with kernel 2.2 without port assignment too:
You can keep using your ordinary masquerade and add the two command lines
below:

Make IP NAT:
- ip rule add from 192.168.0.5/32 nat 194.219.85.4
(to NAT a subnetwork from 192.168.0.4 - 192.168.0.7 just change the prefix
to 30:
- ip rule add from 192.168.0.4/30 nat 194.219.85.4)


Add the IP alias 194.219.85.4 to the interface with the real address (e.g. eth0):
- ifconfig eth0:0 194.219.85.4 netmask 255.255.255.0
( or use IP command:
- ip addr add 194.219.85.4/24 dev eth0 )

Note: you must activate the advanced networking option in the Linux kernel
configuration before using the ip command.

Regards,
Junus Junarto D


> --__--__--
>
> Date: Wed, 03 Jan 2001 07:37:31 -0500
> From: "David A. Bandel" <david@xxxxxxxxxxx>
> Organization: Pananix, S.A.
> To: Spyros Dimas <spyros@xxxxxxxxxx>
> Cc: lartc@xxxxxxxxxxxxxxx
> Subject: Re: [LARTC] routing
>
> Spyros Dimas wrote:
> >
> > Hello and Happy New Year!
> > We have a LAN with 2 interfaces. One is configured with addresses
> > 192.168.0.x (pseudo-addresses) and other one with real addresses, so we
> > use ip-masquerade. But we would like one of the workstations, which has the
> > address 192.168.0.5, to have a real address, such as 194.219.85.4, on the
> > first interface or on the second. Could you tell us how we can do it. Or
> > if you have another idea. Thanks.
>
> This is really an issue for your firewall/masquerade software.  If you
> are masquerading using Linux and either ipchains (2.2.x) or iptables
> (2.4.x) it's easy.
>
> In either case, your firewall/masquerade server needs to have
> 194.219.85.4 aliased on the external interface, then:
>
> 2.2.x:
> get ipmasqadm and set up a portforward from the masq server to the
> workstation. Assuming you want to forward only port 80, the following
> will work:
> ipmasqadm portfw -a -P tcp -L 194.219.85.4 80 -R 192.168.0.5 80
>
> better:
> 2.4.x:
> use iptables and run the following:
> iptables -t nat -A PREROUTING -d 194.219.85.4 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.5:80
>
> With iptables you can easily omit the port stuff so everything passes
> (just like the workstation is on the Internet) or qualify your matches
> with -m multiport and select several individual ports or a range (or
> ranges) of ports.
>
> Ciao,
>
> David A. Bandel
> --
> Focus on the dream, not the competition.
> -- Nemesis Racing Team motto
> *** sent via a Linux 2.4.0-test12 system ***
>
>
>
> --__--__--
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc
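
Added example, not part of the original messages: a dry-run generator for the 1:1 mapping discussed in the thread (194.219.85.4 to 192.168.0.5) on a current iptables, pairing the NAT rules with a FORWARD allow-list so the workstation is not exposed on every port. The function names, the eth0 interface, the port list 80,443 and the use of the conntrack match are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) an iptables rule set for 1:1 NAT of one host.
# Addresses are the ones in the thread; eth0 and the port list are assumptions.

is_ipv4() {
    # Dotted quad, each octet numeric and in 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_portlist() {
    # Comma-separated ports as taken by -m multiport (at most 15 entries).
    echo "$1" | awk -F, 'NF < 1 || NF > 15 { exit 1 }
        { for (i = 1; i <= NF; i++)
            if ($i !~ /^[0-9]+$/ || $i < 1 || $i > 65535) exit 1 }'
}

# usage: one_to_one_nat PUBLIC_IP PRIVATE_IP EXT_IF TCP_PORTS
one_to_one_nat() {
    pub=$1 priv=$2 ext=$3 ports=$4
    is_ipv4 "$pub" && is_ipv4 "$priv" || { echo "bad address" >&2; return 1; }
    is_portlist "$ports" || { echo "bad port list" >&2; return 1; }
    # Reject anything that is not a plain interface name before it reaches a shell.
    case $ext in ''|*[!A-Za-z0-9._:-]*) echo "bad interface" >&2; return 1 ;; esac
    # The SNAT rule is inserted at position 1 so it is evaluated before an
    # existing MASQUERADE rule for the rest of the LAN.
    cat <<EOF
ip addr add $pub/24 dev $ext
iptables -t nat -A PREROUTING -i $ext -d $pub -j DNAT --to-destination $priv
iptables -t nat -I POSTROUTING 1 -o $ext -s $priv -j SNAT --to-source $pub
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $priv -o $ext -j ACCEPT
iptables -A FORWARD -i $ext -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $ext -d $priv -j DROP
EOF
}

# Review the printed commands before running them as root.
one_to_one_nat 194.219.85.4 192.168.0.5 eth0 80,443
```

The final DROP rule applies only to new inbound traffic for the mapped workstation; replies to connections it opened are accepted by the ESTABLISHED,RELATED rule above it.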




