On Wed, 15/04/2009 at 11:46 -0500, sgmayo@xxxxxxxxxxxxxxxxxxxxxxxxx wrote:
> I have my machines on a private network that are then NATed to one of my
> public IPs.
>
> i.e.
> IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $Public_IP
>
> Every once in a bit I need to do something with a public IP other than the
> one that is SNATed. I usually just plug the machine into the public side
> of the switch and let it have a public IP.
>
> I was just curious if there was a way that I could stick the public IP
> machine inside my private network and have my IPTABLEs route anything
> coming from ETH1 (my private network card) with a public IP that is within
> my public IP range, to just go on to the outside world without getting
> SNATed.
>
> In other words if I put public ip xx.xx.xx.xx in a windows machine and stuck
> it in my private network then it would still have public ip xx.xx.xx.xx
> instead of $Public_IP (from the above SNAT) when it came out of my box.

I would do that like this:

iptables -t nat -A POSTROUTING -o ext_if -s $Privat_IP2 -j SNAT --to-source $Public_IP2
iptables -t nat -A PREROUTING -i ext_if -d $Public_IP2 -j DNAT --to-destination $Privat_IP2

--
Покотиленко Костик <casper@xxxxxxxxxxxx>
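
The two rules from the reply combined with the catch-all SNAT from the question, as an added example that is not part of the original thread. POSTROUTING stops at the first matching rule, so the per-host SNAT has to sit ahead of the catch-all; the addresses are constructed documentation values and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; all addresses are constructed placeholders (RFC 5737 / RFC 1918).
EXT_IF=eth0               # external interface (eth0 in the question)
PUBLIC_IP=203.0.113.10    # shared SNAT address for the private network
PUBLIC_IP2=203.0.113.11   # second public address, dedicated to one host
PRIVATE_IP2=192.168.1.50  # private address of that host

# Accept only dotted-quad IPv4 so a typo cannot end up inside a rule.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the nat table in iptables-restore format.
# Assumption: the firewall already answers for PUBLIC_IP2 on EXT_IF,
# otherwise inbound traffic for the DNAT rule never arrives.
emit_nat_rules() {
    for ip in "$PUBLIC_IP" "$PUBLIC_IP2" "$PRIVATE_IP2"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $EXT_IF -d $PUBLIC_IP2 -j DNAT --to-destination $PRIVATE_IP2
-A POSTROUTING -o $EXT_IF -s $PRIVATE_IP2 -j SNAT --to-source $PUBLIC_IP2
-A POSTROUTING -o $EXT_IF -j SNAT --to-source $PUBLIC_IP
COMMIT
EOF
}

# Audit helper: read iptables-save style text on stdin and fail when a
# source-specific POSTROUTING SNAT rule comes after a catch-all SNAT rule,
# because the catch-all would match first and shadow it.
snat_order_ok() {
    awk '
        /^-A POSTROUTING/ && /-j SNAT/ {
            if ($0 ~ / -s /) { if (catchall) bad = 1 }
            else catchall = 1
        }
        END { exit bad }
    '
}

# Only prints the ruleset; nothing is loaded into the kernel here.
emit_nat_rules
```

Piping the output to `iptables-restore --test` parses it without committing. Loading it for real replaces the existing nat table unless `--noflush` is given.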