Hello,

 : This solution above has a drawback. If I have to provide a different
 : service on a different computer in the internal network I can't, since
 : every package that reaches the linux router is being redirected to the
 : same computer in the internal network. Assume that besides the web
 : service in 192.168.100.10-192.168.100.17 (IP alias used here) we want
 : to provide ssh service on 192.168.100.20-192.168.100.21 and want to
 : source route both services in the linux. I believe that to solve this
 : I need to operate with iptables and iproute together and DNAT the
 : requests according to the port it is addressed to. It seems that
 : iproute by itself cannot do that. But to accomplish this I think that a
 : solid knowledge of how the packages traverse the kernel is necessary
 : and that is what I am not sure about. So I would really appreciate if
 : anyone could help me write the iptables and iproute rules for the
 : example just mentioned. That would be a great help.

With regard to describing how a packet traverses the kernel, you will
find the KPTD and docum.org very helpful [0].

I would also suggest considering (for your described application of the
technology) that you look at the --ctorigdst conntrack patch to
netfilter [1].

-Martin

 [0] http://www.docum.org/stef.coene/qos/kptd/
 [1] http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.3

Try googling for ctorigdst also!
     http://www.google.com/search?q=ctorigdst

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx