Re: DNAT problem

On Sunday 30 March 2003 09:58 am, Alexandru Coseru wrote:
> Hello. I have the following problem. I have a Linux gateway with
> the external IP x.x.x.x and internal IP 192.168.0.1. I want to
> make a DNAT and mask a connection from the external IP, forwarded to
> one of my LAN's computers, and the LAN computer to see it as
> 192.168.0.1, not x.x.x.x
>
> Example: If a packet comes from linux.org to a specific port (let's
> say 1345), I want to forward it to a LAN computer (192.168.0.5),
> and mask that connection in a way that 192.168.0.5 sees the packet
> comes from 192.168.0.1, and not from linux.org (it's exactly as
> masquerading, but in reverse way...)

Not really "in reverse way" just on a different interface.

>                                                                  Alex

iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 192.168.0.5
iptables -t nat -A POSTROUTING -o eth1 -d 192.168.0.5 -j SNAT --to 192.168.0.1

This assumes that eth0 is the external interface (with IP x.x.x.x) and 
eth1 is the internal with IP 192.168.0.1.  You will usually need to 
match the traffic type as well, i.e. if you're DNATting HTTP requests you 
should add "-p tcp --dport 80" to BOTH rules. 

j
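
The address rewriting that the two rules above perform, traced for the port 1345 case from the question. This is an added example, not part of the original message and not netfilter code: a toy Python model in which the Packet and Gateway names, the client address 203.0.113.7 and the stand-in 198.51.100.1 for x.x.x.x are constructed, and SNAT source-port remapping is left out.

```python
# Added illustration: a toy model of the DNAT + SNAT rule pair, not netfilter.
from dataclasses import dataclass, replace

GW_INTERNAL = "192.168.0.1"   # gateway address on eth1 (from the thread)
LAN_HOST = "192.168.0.5"      # DNAT target (from the thread)
PORT = 1345                   # port used in the question

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class Gateway:
    def __init__(self):
        self.conntrack = {}   # tuple of the expected reply -> original packet

    def forward(self, pkt, in_if):
        """Inbound path: PREROUTING (DNAT), routing, POSTROUTING (SNAT)."""
        out = pkt
        # PREROUTING -i eth0 -p tcp --dport 1345 -j DNAT --to 192.168.0.5
        if in_if == "eth0" and out.proto == "tcp" and out.dport == PORT:
            out = replace(out, dst=LAN_HOST)
        # POSTROUTING -o eth1 -d 192.168.0.5 -p tcp --dport 1345 -j SNAT --to 192.168.0.1
        # (assumption: anything routed to LAN_HOST leaves through eth1)
        if out.dst == LAN_HOST and out.proto == "tcp" and out.dport == PORT:
            out = replace(out, src=GW_INTERNAL)
        if out != pkt:
            # Connection tracking records the mapping so replies can be undone.
            self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt):
        """Return path: reverse both translations using the tracked entry."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return pkt        # not part of a translated connection
        return replace(pkt, src=orig.dst, sport=orig.dport,
                       dst=orig.src, dport=orig.sport)

if __name__ == "__main__":
    gw = Gateway()
    seen = gw.forward(Packet("203.0.113.7", 40000, "198.51.100.1", PORT), "eth0")
    print("LAN host sees :", seen)
    print("client sees   :", gw.reply(Packet(LAN_HOST, PORT, GW_INTERNAL, 40000)))
```

Because of the SNAT rule, every forwarded connection reaches 192.168.0.5 with source 192.168.0.1, so the real client address exists only in the gateway's connection tracking and logs.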