On Mon, 22 Nov 2004, Peter Volkov Alexandrovich wrote:
> Yes. I think it's a bit excessive to use the ip utility to add an additional address to the interface and then to use iptables to make DNAT and SNAT to map the LAN's IP address onto the external Internet IP address.

iptables NAT does not require any additional IP addresses not required for Route NAT. You only need to add IP addresses if this is your means to get the surrounding network to route the required packets to the box.

> It's much more natural to use two commands with the ip utility and route NAT. Just one direction DNAT (ip route add nat ...) and the other direction SNAT (ip rule add nat ...). Very simple.

iptables NAT is not much different in this respect.
Regards
Henrik