Bridging comes to mind here as well: bridge.sourceforge.net ebtables.sourceforge.net Bob -----Original Message----- From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Alexander Konovalenko Sent: Wednesday, February 11, 2004 11:24 AM To: netfilter@xxxxxxxxxxxxxxxxxxx; sceotjp@xxxxxxxxx Cc: raymondl@xxxxxxxxxxxxxxxxxxxxxx Subject: Re: Internet Servers behind firewall (passthrough) [ ... ] >> I have 10 public(internet) IP addresses, each for a server. [ ... ] >> I would like this Linux "routing machine" to take all traffic to the 10 >> internet IP's >> and pass them straight on to the servers connected on the other side of this >> machine. >> >You need to investigate DNAT. No, you don't. DNAT is a form of Network Address Translation which would be necessary if you didn't have enough public IP addresses. What you need is to set up your Red Hat machine (one that is directly connected to the internet) to be a router, that is, to forward IP packets it gets from both sides in the right direction. You can read how IP routing works in the Linux Network Administrator's guide at http://www.tldp.org/LDP/nag2/x-087-2-issues.html. Start from there and then search for any additional info on how to set up routing table for your router. Notice that this issue is offtopic in this list, which is dedicated to packet _filtering_, NAT, etc. You may want to set up some kind of firewalling at your router to protect your servers against different kinds of attacks or abuse. _This_ is done using iptables. Please consult appropriate documentation at http://www.netfilter.org/ and http://www.tldp.org/ first. -- alexkon
