Hi All,

Because I must enable the Cisco tunnel keepalive mechanism and the Cisco router is on the NAT inside, I made a strange network lab like the one below:

PC01----(NAT inside eth0)Linux Firewall(NAT outside eth1)----Internet----PC02

PC01:
  eth0   - 10.1.1.1
  eth0:0 - 1.1.1.1
  Default gateway: 10.1.1.254

Linux Firewall:
  eth0 - 10.1.1.254
  eth1 - 1.1.1.1

PC02:
  eth0 - 2.1.1.1

How can I use PC01's eth0:0 to ping PC02's eth0 successfully, like below?

-------------------------------------------------------
$ ping -I 1.1.1.1 2.1.1.1
-------------------------------------------------------

Linux Firewall iptables configuration:

-------------------------------------------------------
iptables -t nat -A POSTROUTING -s 1.1.1.1/32 -j SNAT --to 1.1.1.1
iptables -t nat -A PREROUTING -d 1.1.1.1/32 -j DNAT --to 10.1.1.1
-------------------------------------------------------

Thanks
pigsign