On Wed, 2004-09-01 at 03:59, Tomek Macioszek wrote: > Hi > I have my FIREWALL BOX with address 4.3.2.1 (eth0) and local address 192.168.10.0/24. > Now I have SNAT: > iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth1 -j SNAT --to 4.3.2.1 > I would like to make SNAT with i.e two external address. > iptables -t nat -A POSTROUTING -s 192.168.10.0/28 -o eth1 -j SNAT --to 4.3.2.1 > iptables -t nat -A POSTROUTING -s 192.168.10.128/28 -o eth1 -j SNAT --to 4.3.2.2. It is good solution? Should I make alias for eth0 with address 4.3.2.2? > Thanks for help and sorry for my English. > Best regards > T. Yes, that should work fine. You will need to bind the address to eth0 so that it responds to ARP requests: ip address add 4.3.2.2/?? dev eth0 Are you sure about the 28 bit mask for the subnets? It looks like you want /25 unless you are hiding some of your addresses. Good luck - John -- John A. Sullivan III Chief Technology Officer Nexus Management +1 207-985-7880 john.sullivan@xxxxxxxxxxxxx --- If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net
