Re: NAT setup

On Sat, Dec 20, 2003 at 10:07:01AM +0100, Søren Kent Jensen wrote:

> What you need is:
> arp -s <Outside IP> <Outside MAC> pub
> and a route to the <Outside IP> via the internal interface.

And do you know how he can add these two variables dynamically to his
system?

Ramin

> 
> That should do the trick.
> 
> Regards
> Søren Kent Jensen
> 
> 
> ----- Original Message -----
> From: "Ramin Dousti" <ramin@xxxxxxxxxxxxxxxxxxxx>
> To: "Ben Becker" <bbecker2@xxxxxxxxxx>
> Cc: <netfilter@xxxxxxxxxxxxxxxxxxx>
> Sent: Saturday, December 20, 2003 1:30 AM
> Subject: Re: NAT setup
> 
> 
> > Hi Ben,
> >
> > Very interesting concept. There are two major parts to this:
> >
> > 1) Outbound packets from those static IP's to your gateway.
> >    This can be done by enabling proxy-arp on your gateway
> >    to answer to any arp request. This way the clients would
> >    hand over their traffic to your gateway. Subsequently
> >    your gateway would SNAT them and throw it on the Internet.
> >
> > 2) Inbound reply packets coming from the outside. This is a bit
> >    tricky because, once they're in and de-SNATed, your gateway
> >    must know where to send them to.  Since your gateway has only
> >    one default route and no knowledge about those static IP's
> >    behind it, it would automatically send the reply packets back
> >    to the Internet. You might overcome this by blindly forwarding
> >    these ESTABLISHED incoming packets through your internal interface
> >    but you still need to somehow do an ARP for an IP outside your
> >    LAN segment. At this point I don't have any simple solution
> >    for that. But there are some very sharp ARP people here on the
> >    list who could hack something together for you or give you
> >    a pointer to an already hacked solution.
> >
> >
> > Ramin
> >
> >
> > On Fri, Dec 19, 2003 at 05:21:29PM -0500, Ben Becker wrote:
> >
> > > Hello everybody,
> > >
> > > I'm trying to figure out a way to set up basic NAT, but with the ability
> > > to allow users on the local side to use any static IP configuration.
> > > Quick Example: somebody has a static IP configured on their laptop,
> > > stays at a hotel with Internet access, and will be able to browse the
> > > Internet without changing their IP settings.
> > >
> > > My first question is: does anybody know what this feature is called?
> > > Second question: Is it possible to do this with netfilter?  I'm thinking
> > > this would require creating a new virtual interface for each user's
> > > configuration to match their gateway (among other things), but I'm
> > > hoping netfilter has some magical way of doing this (hoping).  If not,
> > > does anybody know of any software that can do this?
> > >
> > > Regards,
> > > Ben Becker
> > >
> >
> >
> 
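
One way to derive the two values dynamically, as an added example that is not part of the thread: a dry-run script that reads the sender IP and MAC from ARP requests seen on the internal interface and prints the `arp -s ... pub` entry and host route described above. It assumes `<Outside IP>` and `<Outside MAC>` mean the client's static address and its MAC; the interface name, gateway address, `ip route` form and the tcpdump sample lines are constructed for illustration.

```shell
#!/bin/sh
# Dry run: prints the commands for review, changes nothing on the host.
INT_IF="eth1"        # assumed internal interface name
GW_IP="192.168.0.1"  # assumed gateway address; a client may not claim it

# Constructed sample of `tcpdump -e -n -i eth1 arp` output (not real traffic).
sample_arp() {
cat <<'EOF'
10:07:01.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.20.30.1 tell 10.20.30.40, length 28
10:07:02.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.20.30.1 tell 10.20.30.40, length 28
10:07:03.000001 66:77:88:99:aa:bb > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.9 tell 192.168.0.1, length 28
10:07:04.000001 66:77:88:99:aa:bb > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 172.16.0.1 tell 999.1.1.1, length 28
EOF
}

# Reads tcpdump ARP lines on stdin; prints one arp entry and one host route
# per new, well-formed sender. Duplicates, malformed values and the
# gateway's own address are skipped.
plan_entries() {
  awk -v ifc="$INT_IF" -v gw="$GW_IP" '
    function valid_ip(ip,   o, n, i) {
      n = split(ip, o, ".")
      if (n != 4) return 0
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
      return 1
    }
    function valid_mac(mac,   h, n, i) {
      n = split(mac, h, ":")
      if (n != 6) return 0
      for (i = 1; i <= 6; i++)
        if (h[i] !~ /^[0-9a-f][0-9a-f]$/) return 0
      return 1
    }
    / Request who-has / {
      mac = $2; ip = ""
      for (i = 1; i < NF; i++) if ($i == "tell") ip = $(i + 1)
      sub(/,$/, "", ip)
      if (!valid_mac(mac) || !valid_ip(ip) || ip == gw || seen[ip]++) next
      printf "arp -s %s %s pub\n", ip, mac
      printf "ip route add %s/32 dev %s\n", ip, ifc
    }'
}

sample_arp | plan_entries
```

Any host on the segment can claim any address through this path, so the printed commands are meant to be reviewed or filtered before they are applied.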


