Re: NAT setup

What you need is:
arp -s <Outside IP> <Outside MAC> pub
and a route to the <Outside IP> via the internal interface.

That should do the trick.

Regards
Søren Kent Jensen


----- Original Message -----
From: "Ramin Dousti" <ramin@xxxxxxxxxxxxxxxxxxxx>
To: "Ben Becker" <bbecker2@xxxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Saturday, December 20, 2003 1:30 AM
Subject: Re: NAT setup


> Hi Ben,
>
> Very interesting concept. There are two major parts to this:
>
> 1) Outbound packets from those static IP's to your gateway.
>    this can be done by enabling proxy-arp on your gateway
>    to answer to any arp request. This way the clients would
>    hand over their traffic to your gateway. Subsequently
>    your gateway would SNAT them and throw it on the Internet.
>
> 2) Inbound reply packets coming from the outside. This is a bit
>    tricky because, once they're in and de-SNATed, your gateway
>    must know where to send them to.  Since your gateway has only
>    one default route and no knowledge about those static IP's
>    behind it, it would automatically send the reply packets back
>    to the Internet. You might overcome this by blindly forwarding
>    these ESTABLISHED incoming packets through your internal interface
>    but you still need to somehow do an ARP for an IP outside your
>    LAN segment. At this point I don't have any simple solution
>    for that. But there are some very sharp ARP people here on the
>    list who could hack something together for you or give you
>    a pointer to an already hacked solution.
>
>
> Ramin
>
>
> On Fri, Dec 19, 2003 at 05:21:29PM -0500, Ben Becker wrote:
>
> > Hello everybody,
> >
> > I'm trying to figure out a way to set up basic NAT, but with the ability
> > to allow users on the local side to use any static IP configuration.
> > Quick Example: somebody has a static IP configured on their laptop,
> > stays at a hotel with Internet access, and will be able to browse the
> > Internet without changing their IP settings.
> >
> > My first question is: does anybody know what this feature is called?
> > Second question: Is it possible to do this with netfilter?  I'm thinking
> > this would require creating a new virtual interface for each user's
> > configuration to match their gateway (among other things), but I'm
> > hoping netfilter has some magical way of doing this (hoping).  If not,
> > does anybody know of any software that can do this?
> >
> > Regards,
> > Ben Becker
> >
>
>
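The routing problem discussed in this thread, as an added example that is not part of the original messages: a small model of the gateway's route lookup showing why the de-SNATed reply leaves through the default route until a host route points the client's address at the internal interface, and when proxy ARP would answer the client. The interface names, addresses and the simplified proxy-ARP rule are assumptions made for illustration.

```python
import ipaddress

def route(prefix, dev):
    """One routing-table entry: (network, outgoing interface)."""
    return (ipaddress.ip_network(prefix), dev)

def egress(table, dst):
    """Longest-prefix match; returns the outgoing interface for dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, dev) for net, dev in table if addr in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def proxy_arp_answers(table, target, in_dev):
    """Simplified model of Linux proxy ARP: reply only when the route to the
    ARP target leaves through a different interface than the request came in on."""
    out = egress(table, target)
    return out is not None and out != in_dev

def with_host_route(table, ip, dev):
    """Table after adding a /32 for ip on dev (ip route add <ip>/32 dev <dev>)."""
    return table + [route(ip + "/32", dev)]

# Constructed values (assumptions): eth0 = Internet side, eth1 = guest LAN.
CLIENT_IP = "192.168.5.20"   # laptop's foreign static address
CLIENT_GW = "192.168.5.1"    # gateway address the laptop is configured with
GATEWAY_TABLE = [route("0.0.0.0/0", "eth0"), route("10.0.0.0/24", "eth1")]

if __name__ == "__main__":
    fixed = with_host_route(GATEWAY_TABLE, CLIENT_IP, "eth1")
    # Part 1: the laptop ARPs for its configured gateway on eth1.
    print("proxy ARP answers for client's gateway:",
          proxy_arp_answers(GATEWAY_TABLE, CLIENT_GW, "eth1"))
    # Part 2: where the de-SNATed reply to the laptop is sent.
    print("reply egress without host route:", egress(GATEWAY_TABLE, CLIENT_IP))
    print("reply egress with host route:   ", egress(fixed, CLIENT_IP))
    # With the host route in place the gateway no longer proxies for the
    # laptop's own address on eth1, so it does not collide with the laptop.
    print("proxy ARP answers for client IP after fix:",
          proxy_arp_answers(fixed, CLIENT_IP, "eth1"))
```
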




