On Thursday 20 February 2003 03:34 pm, Del Winiecki wrote:

> Ok, another challenge.
>
> SNAT works fine, but I need the outside WAN address to look as if it
> came from an address on the eth1 network, not the upstream WAN
> network. My Linux router ports:
>
> eth4 192.168.1.0/24 ------------ (local offices, admin net)
>
> eth1 209.x.x.x/24 -------- (downstream WAN)
>
> WAN1 64.x.x.x/30 --------- (upstream provider)
>
> All traffic from 192.168.1.0/24 must look like it's from 209.x.x.13.
>
> Traffic flowing into WAN1 with a destination address of 209.x.x.13
> somehow needs to get routed out the eth4 interface and "un-natted"
> instead of routing out eth1.
>
> I have:
>
>     iptables -t nat -A POSTROUTING -o WAN1 -j SNAT --to 209.x.x.13
>
> Is there some way to use DNAT to fool the kernel routing into properly
> routing this?

Since you only want traffic from the 192.168.1.x network to be SNATted,
you should construct your rule with that requirement:

    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o WAN1 -j SNAT --to 209.x.x.13

Netfilter will then reverse SNAT those packets correctly. (The rule you
have above will make ALL traffic going out WAN1 appear from that single
IP.)

If you want NEW traffic addressed to 209.x.x.13 to be DNATted into the
192.168.1.x network, that isn't a problem, but you have to specify a
precise destination (or destinations) for the traffic in one or more
DNAT rules.

j

> Thanks,
> Del W.
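The full rule set the reply describes, written out as an added example (not from the thread): source-restricted SNAT for the admin network, a DNAT rule with a precise inside destination for NEW connections arriving on WAN1, and the FORWARD rules the translated traffic still needs. 209.x.x.13 is the placeholder from the thread; the inside host 192.168.1.10 and TCP port 80 are assumed values. With the default IPT=echo the script only prints the rules.

```shell
#!/bin/sh
# Added example for the NAT layout in the thread; not the original poster's config.
set -e

WAN_IF="WAN1"
ADMIN_NET="192.168.1.0/24"
PUBLIC_IP="209.x.x.13"        # placeholder address, as written in the thread
INSIDE_HOST="192.168.1.10"    # assumed server behind eth4 that should be reachable
INSIDE_PORT="80"              # assumed service port

# Dry run by default: IPT="echo iptables" prints the rules. Set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

snat_rule() {
  # Only the admin network is rewritten on the way out WAN1; everything else
  # leaving WAN1 keeps its real source. Conntrack undoes the translation for
  # the reply packets, so no "un-NAT" rule is needed.
  $IPT -t nat -A POSTROUTING -s "$ADMIN_NET" -o "$WAN_IF" \
       -j SNAT --to-source "$PUBLIC_IP"
}

dnat_rules() {
  # NEW connections from upstream to the public address need a precise inside
  # destination; DNAT in PREROUTING rewrites it before the routing decision,
  # so the kernel routes the packet out eth4 on its own.
  $IPT -t nat -A PREROUTING -i "$WAN_IF" -d "$PUBLIC_IP" -p tcp --dport "$INSIDE_PORT" \
       -j DNAT --to-destination "$INSIDE_HOST:$INSIDE_PORT"
  # FORWARD sees the post-DNAT destination, so match the inside host here,
  # not the public address.
  $IPT -A FORWARD -i "$WAN_IF" -d "$INSIDE_HOST" -p tcp --dport "$INSIDE_PORT" \
       -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  # Admin network out, and replies back in for both directions.
  $IPT -A FORWARD -s "$ADMIN_NET" -o "$WAN_IF" -j ACCEPT
  $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

snat_rule
dnat_rules
```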