http://www.netfilter.org/patch-o-matic/pom-base.html#pom-base-SAME

On Tue, 21 Sep 2004 09:38:52 -0500, Aleksandar Milivojevic <amilivojevic@xxxxxx> wrote:
> Michael Barry wrote:
> > I have a bunch of public IP addresses, for example, in the range
> > 192.168.1.100-192.168.1.104.
> >
> > I have 5 computers on my internal network statically defined from
> > 192.168.0.100-192.168.0.104.
> >
> > I am trying to create a rule where each computer will always map to the
> > same public IP address. For example I did: iptables -t nat -s
> > 192.168.0.100 -j SNAT --to-source 192.168.1.100.
>
> I'd guess there was also "-A POSTROUTING" in the above command?
>
> > The problem is if I try to do a ping from 192.168.0.100 it correctly
> > gets translated to 192.168.1.100 and the ping goes out, but when the
> > reply comes back there is an ARP request for WHO-HAS 192.168.1.100, and
> > since no-one technically holds this address no reply is ever sent, and
> > the ping reply gets dropped. Does anyone know a solution to this
> > problem?
>
> This part is strange. The reply should have been translated
> automatically back to your private range. I'm not sure if the connection
> tracking module is required for SNAT. It might be. Try doing "lsmod |
> grep ip" and see if it shows up (you might also send the output to the mailing
> list, it might help somebody to help you). It is usually automatically
> loaded (even when you don't expect it), but if it isn't, try loading it
> with "modprobe ip_conntrack".
>
> --
> Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
> Systems Administrator                           1499 Buffalo Place
> Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
>

--
Bla bla