So you want packets leaving the WAN to have address e.f.g.h/26 rather
than a.b.c.d/30.

That would mean your ISP has assigned you the two ranges e.f.g.h and
a.b.c.d.

Your gateway cannot be a gateway from this diagram.
That must be e.f.g.h/27.
GW has e.f.g.h/27 and e.f.g.h/26 interfaces.

> >>     DMZ                   GW/FW                    ISP/Internet
> >>-----------------------------------------------------------------------
> >> Server #1 --|
> >> e.f.g.h3/26 |
> >>             |---- Gateway/Firewall --- ISP     WAN IP:  a.b.c.d/30
> >> Server #2 --|     a.b.c.d1/30                  Ext. IP: e.f.g.h/26
> >> e.f.g.h4/26       e.f.g.h1/26
> >>----------------------------------------------------------------------

I would assume what you will end up doing is

iptables -t nat -A POSTROUTING -m mac --mac-source <MACSERVER1> -j SNAT --to-source <ALIAS1 of GW>
iptables -t nat -A POSTROUTING -m mac --mac-source <MACSERVER2> -j SNAT --to-source <ALIAS2 of GW>

Where ALIAS1 and ALIAS2 are the IPs of server 1 and server 2 aliased on
the firewall.

Regards
Shane

On Tue, 2005-10-25 at 14:58 +0200, Daniel Frederiksen wrote:
> Oscar Mechanic wrote:
> > Maybe I have missed something and you need to do it in POSTROUTING but
> > how about SNAT.
> >
>
> Well currently I do not NAT at all. I have ip_forwarding enabled and
> have assigned the first IP from the external block on the inside of the
> Gateway/Firewall. On the outside of the Gateway/Firewall I have assigned
> the WAN IP. This way when a system on the DMZ establishes a connection
> it is forwarded through the Gateway.
>
> Any suggestions to changes are appreciated.
>
> /Daniel..
>
> > PS: ip can do stateless nat.
> >
> > On Tue, 2005-10-25 at 14:36 +0200, Daniel Frederiksen wrote:
> >
> >>Hello folks..
> >>
> >>Does any of you know if it is possible to rewrite the ip src in a packet.
> >>I have a problem involving a DMZ with external IP addresses routed
> >>through a single WAN IP. When the server initiates a connection, it looks
> >>like it comes from the WAN IP instead of its designated External IP
> >>routed through the WAN.
> >>So in short, is it possible to rewrite the packet in the router, with
> >>iptables, to make it look like it comes from the external IP address
> >>instead of the WAN IP of the router/firewall.
> >>
> >>Thank you very much for your time, I appreciate it.
> >>
> >>/Daniel Frederiksen
> >>
> >>
> >>NB: Small diagram of the setup.
> >>
> >>     DMZ                   GW/FW                    ISP/Internet
> >>-----------------------------------------------------------------------
> >> Server #1 --|
> >> e.f.g.h3/26 |
> >>             |---- Gateway/Firewall --- ISP     WAN IP:  a.b.c.d/30
> >> Server #2 --|     a.b.c.d1/30                  Ext. IP: e.f.g.h/26
> >> e.f.g.h4/26       e.f.g.h1/26
> >>----------------------------------------------------------------------
> >>
> >>_______________________________________________
> >>LARTC mailing list
> >>LARTC@xxxxxxxxxxxxxxx
> >>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
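
The per-server SNAT idea from the reply above, as an added example that is not part of the original thread: iptables' mac match is valid only in the PREROUTING, FORWARD and INPUT chains, so this version marks packets by source MAC in mangle PREROUTING and applies SNAT on that mark in nat POSTROUTING. The function names, the interface name eth0, the MAC addresses and the 203.0.113.x alias addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit iptables commands that SNAT each DMZ server, identified
# by its source MAC, to its own alias address on the gateway.
# All names, MACs and 203.0.113.x addresses below are constructed placeholders.

# Syntax checks so a typo never reaches iptables.
valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}
valid_ip4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# emit_snat_rules WAN_IF MAC=ALIAS_IP ...
# Prints the commands instead of running them, so the rule set can be
# reviewed first and then piped to a root shell.
emit_snat_rules() {
    wan_if=$1; shift
    mark=1
    for pair in "$@"; do
        mac=${pair%%=*}
        alias_ip=${pair#*=}
        if ! valid_mac "$mac" || ! valid_ip4 "$alias_ip"; then
            echo "bad mapping: $pair" >&2
            return 1
        fi
        # The mac match works in PREROUTING, so tag the packet there ...
        echo "iptables -t mangle -A PREROUTING -m mac --mac-source $mac -j MARK --set-mark $mark"
        # ... and rewrite the source as it leaves through the WAN interface.
        echo "iptables -t nat -A POSTROUTING -o $wan_if -m mark --mark $mark -j SNAT --to-source $alias_ip"
        mark=$((mark + 1))
    done
}

# Constructed sample mapping: two DMZ servers, one alias address each.
emit_snat_rules eth0 \
    "00:16:3e:00:00:03=203.0.113.3" \
    "00:16:3e:00:00:04=203.0.113.4"
```

Each alias address must also be configured on the gateway for return traffic to reach it, as the reply says.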