You could do it with kernel 2.2 without port assignment too:

You can keep using your ordinary masquerade and add the two lines of commands below:

Make IP NAT:
 - ip rule add from 192.168.0.5/32 nat 194.219.85.4
   (to NAT a subnetwork from 192.168.0.4 - 192.168.0.7 just change the prefix to 30:
 - ip rule add from 192.168.0.4/30 nat 194.219.85.4)

Add IP aliasing 194.219.85.4 to the interface with the real address (e.g. eth0):
 - ifconfig eth0:0 194.219.85.4 netmask 255.255.255.0
   (or use the ip command:
 - ip addr add 194.219.85.4/24 dev eth0)

Note: you must activate the advanced networking options in the Linux kernel configuration before using the ip command.

Regards,
Junus Junarto D

> Date: Wed, 03 Jan 2001 07:37:31 -0500
> From: "David A. Bandel" <david@xxxxxxxxxxx>
> Organization: Pananix, S.A.
> To: Spyros Dimas <spyros@xxxxxxxxxx>
> Cc: lartc@xxxxxxxxxxxxxxx
> Subject: Re: [LARTC] routing
>
> Spyros Dimas wrote:
> >
> > Hello and Happy New Year!
> > We have a LAN with 2 interfaces. One is configured with addresses
> > 192.168.0.x (pseudo-addresses) and the other one with real addresses, so we
> > use ip-masquerade. But we would like one of the workstations, which has the
> > address 192.168.0.5, to have a real address, such as 194.219.85.4, on the
> > first interface or on the second. Could you tell us how we can do it? Or
> > if you have another idea. Thanks.
>
> This is really an issue for your firewall/masquerade software. If you
> are masquerading using Linux and either ipchains (2.2.x) or iptables
> (2.4.x) it's easy.
>
> In either case, your firewall/masquerade server needs to have
> 194.219.85.4 aliased on the external interface, then:
>
> 2.2.x:
> get ipmasqadm and set up a portforward from the masq server to the
> workstation. Assuming you want to forward only port 80, the following
> will work:
> ipmasqadm portfw -a -P tcp -L 194.219.85.4 80 -R 192.168.0.5 80
>
> better:
> 2.4.x:
> use iptables and run the following:
> iptables -t nat -A PREROUTING -d 194.219.85.4 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.5:80
>
> With iptables you can easily omit the port stuff so everything passes
> (just like the workstation is on the Internet) or qualify your matches
> with -m multiport and select several individual ports or a range (or
> ranges) of ports.
>
> Ciao,
>
> David A. Bandel
> --
> Focus on the dream, not the competition.
>                 -- Nemesis Racing Team motto
> *** sent via a Linux 2.4.0-test12 system ***
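An added example, not part of the original thread: a shell helper that prints (never executes) an iptables rule set for the one-address-to-one-host mapping discussed above, restricted with -m multiport so only chosen TCP ports reach the workstation. The function names, the eth0 interface argument and the 80,443 port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emits iptables commands as text for review; nothing is applied.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_ports LIST: 1 to 15 comma-separated ports (15 is the multiport limit)
valid_ports() {
    case "$1" in ''|*[!0-9,]*|*,,*|,*|*,) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs
    [ "$#" -le 15 ] || return 1
    for port in "$@"; do
        [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    done
}

# one_to_one_nat_rules PUBLIC_IP PRIVATE_IP EXT_IF PORTS
one_to_one_nat_rules() {
    pub=$1; priv=$2; ext_if=$3; ports=$4
    valid_ipv4 "$pub" && valid_ipv4 "$priv" && valid_ports "$ports" || {
        echo "invalid address or port list" >&2; return 1; }
    case "$ext_if" in ''|*[!A-Za-z0-9._-]*)
        echo "invalid interface name" >&2; return 1 ;; esac
    # Inbound: only the listed ports are translated to the workstation
    echo "iptables -t nat -A PREROUTING -i $ext_if -d $pub -p tcp -m multiport --dports $ports -j DNAT --to-destination $priv"
    # Outbound: inserted first so it wins over an existing MASQUERADE rule
    echo "iptables -t nat -I POSTROUTING -o $ext_if -s $priv -j SNAT --to-source $pub"
    # Filter table: accept new inbound connections on those ports only
    echo "iptables -A FORWARD -i $ext_if -d $priv -p tcp -m multiport --dports $ports -m state --state NEW -j ACCEPT"
}

# Addresses are the ones from the thread; interface and ports are constructed.
one_to_one_nat_rules 194.219.85.4 192.168.0.5 eth0 80,443
```

The FORWARD rule only restricts traffic if the chain's default policy (or a later rule) drops what is not explicitly accepted; without the port match, every service listening on 192.168.0.5 is reachable from outside.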