Sure, just DNAT without specifying tcp or udp ports. On 3/6/06, Jason Sigurdur <Jason.Sigurdur@xxxxxxxxxxxxx> wrote: > Hi, I am in the same scenario. My eth0 will have a different address > assigned by the isp, and a different internet valid pool assigned to us > to use. The isp will route all traffic to our eth0 for the assigned > pool. > > My question is that is it possible to DNAT the 'assigned' address pool > into the Lan without having an interface with that address? > > Thx jason > > -----Original Message----- > From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx > [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of George > Alexandru Dragoi > Sent: Sunday, March 05, 2006 10:56 AM > To: Sandeep Agarwal > Cc: netfilter > Subject: Re: How to use Real IP inside the LAN > > If the ISP routed an 8 ip subnet (let's say 1.1.1.128/29) to you > (consider having an ip on eth0 from a different pool), then you can > configure the ip 1.1.1.129 on eth1, with subnet mask 255.255.255.248, > and the ips from 1.1.1.130 to 1.1.1.134 with same subnet mask above on > the PC, VOIP device and Web Server, also enable ip_forward on the > Linux Box with command > > # echo 1 > /proc/sys/net/ipv4/ip_forward > > .. then it will just work. > > On 3/3/06, Sandeep Agarwal <sandeep_agarwal@xxxxxxxxxxx> wrote: > > Dear All, > > > > I have following setup. > > > > ISP---->|eth0|Linux Box|eth1|------>|Switch|--->PC (LAN IP) > > |--->VOIP > Device > > (Cisco) (Real IP) > > > |--->WebServer > > (Real IP) > > > > ISP has provided 8 IP Pool. > > No DMZ configuration is there. Simple rc.firewall is working. > > Now I want to use Real IP inside the LAN. > > What is the right way to do this? > > > > Will it be worthwhile, If I make aliases like eth1:1 & assign a Real > IP from > > pool? > > If this is ok, than which rules I have to add in iptables? > > > > Thanks > > Sandeep > > > > > > > -- > Bla bla > > -- Bla bla
