RE: NAT rules for Multiple IPAddresses on same physical interface

hi,

if you map the addresses onto one interface you have to write DNAT rules for every single address, IMHO.
If someone wants to connect to 1.2.3.4, e.g. a mailer, and this machine is behind the firewall, maybe in the
DMZ, you have to DNAT it to the destination machine in your DMZ. Maybe you have another machine in your
DMZ that serves HTTP to the outside world on IP 1.2.3.5, and the HTTP server does not run on the same machine as
the mailer; then you have to write a rule to DNAT HTTP traffic from 1.2.3.5 to the DMZ HTTP server. At least I do that
in my configurations.

greets

/matthias

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of Aseem Rastogi
> Sent: Monday, October 17, 2005 12:45 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: NAT rules for Multiple IPAddresses on same physical interface
> 
> 
> Hi All,
> 
> I have a situation where my machine has one ethernet interface but i
> have assigned it multiple ipaddresses on same interface. Now I want to
> add some NAT rules so that a packet destined for my machine and port
> 3023 is redirected to some other IP and port.
>
> Do I need to write rules for each of the IPAddresses that my machine
> has? Or is there a way in NAT PREROUTING to identify if this packet is
> for localhost (Of course something other than --destination)? I do not
> want to write rules for each IPAddress, rather I am looking for a way to
> identify if this packet is for me.
> 
> Thanks in advance,
> 
> Regards,
> Aseem.
> 
> -- 
> The end is always good. If it's not good, it's not the end.
> 
> 
> 
> 
> 
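
The per-address approach described in the reply, as an added example that is not part of the original thread: a script that prints one DNAT rule and one matching FORWARD rule per public address and service, validating each mapping first. The DMZ hosts 192.168.1.10 and 192.168.1.20, the ports, and the helper names `is_ipv4`, `is_port` and `gen_rules` are assumptions.

```shell
#!/bin/sh
# Added example: print one DNAT rule plus one matching FORWARD rule per
# public address/service pair. Nothing is applied; review the output first.

# Constructed mapping: public_ip proto port dmz_ip dmz_port
# 1.2.3.4 and 1.2.3.5 come from the post; the 192.168.1.x hosts are assumed.
MAPPINGS='
1.2.3.4 tcp 25 192.168.1.10 25
1.2.3.5 tcp 80 192.168.1.20 80
'

# True only for dotted quads whose four octets are each 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# True only for decimal ports 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Reads mappings on stdin, writes iptables commands on stdout.
# Stops with a non-zero status at the first malformed line.
gen_rules() {
    while read -r pub proto port dmz dport; do
        [ -z "$pub" ] && continue
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
        if ! is_ipv4 "$pub" || ! is_ipv4 "$dmz" || ! is_port "$port" || ! is_port "$dport"; then
            echo "bad mapping: $pub $proto $port $dmz $dport" >&2
            return 1
        fi
        # Match on address AND protocol/port so only the named service is exposed.
        echo "iptables -t nat -A PREROUTING -d $pub -p $proto --dport $port -j DNAT --to-destination $dmz:$dport"
        # Assumes a default-drop FORWARD policy: allow just the translated flow.
        echo "iptables -A FORWARD -d $dmz -p $proto --dport $dport -j ACCEPT"
    done
}

printf '%s\n' "$MAPPINGS" | gen_rules
```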


