On Monday 10 February 2003 02:05 pm, Del Winiecki wrote:
> Hi,
>
> I have a Linux router box configured:
>
> Wanpipe1: upstream isp
> eth1: downstream isp1 -- (public address 209.aaa.aaa.x) must not be
> Nat'd
> eth2: downstream isp2 -- same 209.bbb.bbb.x
> eth3: company1 on 192.168.254/253/252.0 (3 class c private) must be
> NAT'd
> eth4: company2 on 192.168.1.0/24 must NAT'd
>
> All NAT'd "outside" addresses should show as one of isp1's addresses,
> so just one fixed public address like 209.aaa.aaa.13, for example.
>
> Is it possible to accomplish this with iptables?

Certainly. You just introduce some matches into the NAT rules. I assume you're talking about SNAT, to make outbound traffic heading upstream appear from only the 209.aaa.aaa.xxx address range, right?

If you can isolate isp1's IP space, you could match "-s ! 209.aaa.aaa.x/yy" in the nat POSTROUTING rule that performs the SNAT and SNAT anything NOT in that ip range. If the only things you want to SNAT are the private IPs, just use "-s 192.168.0.0/16" or something similar to match only that traffic.

> Del W.

j
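
The source matching described in the reply, as an added example that is not part of the original thread: it prints nat POSTROUTING rules for the posted topology. The interface name `wan0` and the 198.51.100.0/24 and 203.0.113.0/24 addresses are constructed stand-ins for the values the post masks; the second function goes slightly beyond the reply by exempting both public ranges before a catch-all SNAT.

```shell
#!/bin/sh
# Constructed stand-ins: the post masks the real addresses and prefix lengths.
WAN_IF="${WAN_IF:-wan0}"             # assumed name of the upstream (Wanpipe1) interface
SNAT_TO="${SNAT_TO:-198.51.100.13}"  # stands in for 209.aaa.aaa.13
PUBLIC_NETS="198.51.100.0/24 203.0.113.0/24"   # stand-ins for the isp1 and isp2 ranges
# Private networks from the post: three /24s behind eth3, one behind eth4.
PRIVATE_NETS="192.168.252.0/24 192.168.253.0/24 192.168.254.0/24 192.168.1.0/24"

# Variant 1: SNAT only traffic whose source is one of the private networks.
# Anything else (the ISPs' public space) matches no rule and leaves untouched.
snat_private_only() {
    for net in $PRIVATE_NETS; do
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $net -j SNAT --to-source $SNAT_TO"
    done
}

# Variant 2: exempt each public range first, then SNAT whatever is left.
# With two public ranges a single negated source match would still NAT the
# other one, so ACCEPT rules (which end nat traversal without translating)
# come before the catch-all.
snat_all_but_public() {
    for net in $PUBLIC_NETS; do
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $net -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j SNAT --to-source $SNAT_TO"
}

# Print variant 1 for review; pipe the output to sh as root to load it.
snat_private_only
```

After loading, `iptables -t nat -L POSTROUTING -n -v` shows per-rule packet counters, which confirms that only the private sources are hitting the SNAT rules.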