I have a bunch of public IP addresses, for example, in the range
192.168.1.100-192.168.1.104.
I have 5 computers on my internal network statically defined from
192.168.0.100-192.168.0.104.
I am trying to create a rule where each computer will always map to the
same public ip address. For example I did: iptables -t nat -s
192.168.0.100 -j SNAT --to-source 192.168.1.100.
I'd guess there was also "-A POSTROUTING" in the above command?
The problem is if I try to do a ping from 192.168.0.100 it correctly gets translated to 192.168.1.100 and the ping goes out, but when the reply comes back there is an ARP request for WHO-HAS 192.168.1.100, and since no-one technically holds this address no reply is ever sent, and the ping reply gets dropped. Does anyone know a solution to this problem?
This part is strange. The reply should have been translated automatically back to your private range. I'm not sure if the connection tracking module is required for SNAT. It might be. Try doing "lsmod | grep ip" and see if it shows up (you might also send the output to the mailing list; it might help somebody to help you). It is usually automatically loaded (even when you don't expect it), but if it isn't, try loading it with "modprobe ip_conntrack".
-- 
Aleksandar Milivojevic <amilivojevic@xxxxxx>
Systems Administrator
Pollard Banknote Limited
1499 Buffalo Place
Winnipeg, MB R3T 1L7
Tel: (204) 474-2323 ext 276
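A worked version of the setup discussed in this thread, added here as an example and not something either poster sent: it generates the per-host SNAT rules with the "-A POSTROUTING" the quoted command was missing, makes the firewall actually own each public address so that the WHO-HAS request for 192.168.1.x gets an answer (SNAT rewrites the IP header but does not make the kernel claim the address on the wire), and checks whether connection tracking is available. The interface name eth0, the "-o" match, the use of "ip addr add" with /32 aliases and the DRY_RUN switch are assumptions of the example, not details from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): one-to-one SNAT for the address
# ranges quoted above.  Assumptions: the public addresses are reachable on
# eth0 and the hosts only need outbound translation.  DRY_RUN=1 (the
# default) prints the commands instead of executing them, so the rule set
# can be reviewed before it touches a live firewall.

EXT_IF="${EXT_IF:-eth0}"
DRY_RUN="${DRY_RUN:-1}"

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# snat_rules INTERNAL_START PUBLIC_START COUNT
# For each of COUNT hosts starting at INTERNAL_START, emit the address
# alias for the matching public IP and the POSTROUTING SNAT rule.
snat_rules() {
    int_prefix="${1%.*}"; int_first="${1##*.}"
    pub_prefix="${2%.*}"; pub_first="${2##*.}"
    count="$3"
    i=0
    while [ "$i" -lt "$count" ]; do
        int="$int_prefix.$((int_first + i))"
        pub="$pub_prefix.$((pub_first + i))"
        # The firewall must own each public address, otherwise nobody
        # answers the ARP WHO-HAS for it and the replies die on the wire.
        # (Assumption: a /32 alias on the external interface is enough.)
        run ip addr add "$pub/32" dev "$EXT_IF"
        # The mapping is stateful: reply packets are translated back by
        # connection tracking, which is why a missing conntrack module
        # would break exactly the return direction.
        run iptables -t nat -A POSTROUTING -s "$int" -o "$EXT_IF" \
            -j SNAT --to-source "$pub"
        i=$((i + 1))
    done
}

# conntrack_loaded: succeeds if the kernel has connection tracking.
# Older kernels expose /proc/net/ip_conntrack, newer ones nf_conntrack;
# fall back to lsmod, as suggested in the reply above.
conntrack_loaded() {
    [ -e /proc/net/nf_conntrack ] || [ -e /proc/net/ip_conntrack ] ||
        lsmod 2>/dev/null | grep -q -E '^(nf|ip)_conntrack'
}

snat_rules 192.168.0.100 192.168.1.100 5

if conntrack_loaded; then
    echo "connection tracking present"
else
    echo "connection tracking not loaded; try: modprobe ip_conntrack (or nf_conntrack)"
fi
```

Run it once with the default DRY_RUN=1 and read the generated commands; then run DRY_RUN=0 ./snat.sh as root to apply them. If the public addresses are in the same subnet as the address already on eth0 (as 192.168.1.x would be here), the /32 aliases are sufficient for the kernel to answer ARP for them.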