Situation: one machine ALPHA with only one NIC. This machine has 3 addresses, all bound to the same interface: Aa, which is its public address, Ba, which is another public address, and Ca, which is a private address. In the net there is a second machine BETA, with 2 modems connected. This machine has another NIC with 2 addresses, one Ab on the same subnet as Aa and Ba and one Cb on the same subnet as C (physically the subnet is the same); the modem is given one address Cm on the "C" subnet.

The problem: ALPHA should act as a router-firewall and let all the traffic to the Ab and Cb addresses pass except some ports (80 135 137 139 443 445). But any traffic originating from Cm deserves special treatment: it must be masqueraded and appear as originating from Ba, without any filtering. How to do it?

I have the rules for masq: if I connect a single host with the Cm address it works nicely, but if I call from outside I can log on any machine using a C address, but I do not traverse the "fw" as I do if I use the same address directly. If I traceroute from outside instead, I get a ping! Any hint?

Rules are:

vettore:~# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  anywhere             150.217.9.154       to:172.25.9.195

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  172.25.9.195         anywhere            to:150.217.9.154

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
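As an added example (not part of the post above), the script below writes out the complete rule set the setup describes: the 1:1 NAT between Ba and Cm from the post's own -t nat listing, plus the FORWARD filtering for Ab and Cb that the post does not show. It takes 150.217.9.154 (Ba) and 172.25.9.195 (Cm) from the listing; the Ab/Cb values, the DROP action for the listed ports and the lack of an interface match are assumptions. One check worth keeping in mind: PREROUTING DNAT runs before the FORWARD chain, so filter rules for the NATed traffic must match the post-DNAT destination (Cm), not Ba. The script prints the iptables commands by default so it can be reviewed offline; setting IPT=iptables applies them.

```shell
#!/bin/sh
# Added example for the ALPHA router-firewall setup; not the original poster's rules.
# Addresses from the post: Ba = 150.217.9.154, Cm = 172.25.9.195.
# Ab and Cb are assumed placeholders; override them in the environment.
BA="150.217.9.154"        # second public address of ALPHA (Ba), from the post
CM="172.25.9.195"         # address given to the modem on BETA (Cm), from the post
AB="${AB:-192.0.2.10}"    # assumed: BETA's public address (Ab)
CB="${CB:-172.25.9.196}"  # assumed: BETA's private address (Cb)
BLOCKED_PORTS="80 135 137 139 443 445"   # ports the post wants filtered toward Ab/Cb

# IPT defaults to "echo iptables" so the script only prints what it would load.
# Set IPT=iptables (as root, with net.ipv4.ip_forward=1) to apply the rules.
IPT="${IPT:-echo iptables}"

load_rules() {
    # NAT table: Ba maps 1:1 onto Cm, exactly as in the post's -t nat listing.
    $IPT -t nat -A PREROUTING -d "$BA" -j DNAT --to-destination "$CM"
    $IPT -t nat -A POSTROUTING -s "$CM" -j SNAT --to-source "$BA"

    # Filter table, FORWARD chain. DNAT has already happened in PREROUTING,
    # so traffic that arrived for Ba shows up here with destination Cm.
    # The post wants that traffic unfiltered in both directions.
    $IPT -A FORWARD -d "$CM" -j ACCEPT
    $IPT -A FORWARD -s "$CM" -j ACCEPT

    # Replies to connections already allowed through.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Ab and Cb: drop the listed ports (TCP and UDP), then allow everything else.
    for host in "$AB" "$CB"; do
        for port in $BLOCKED_PORTS; do
            $IPT -A FORWARD -d "$host" -p tcp --dport "$port" -j DROP
            $IPT -A FORWARD -d "$host" -p udp --dport "$port" -j DROP
        done
        $IPT -A FORWARD -d "$host" -j ACCEPT
    done

    # Anything not matched above is not forwarded.
    $IPT -P FORWARD DROP
}

# Sanity check on the generated set: 2 hosts x 6 ports x 2 protocols = 24 DROP rules.
# Always runs in print mode, whatever IPT is set to.
count_drop_rules() {
    ( IPT="echo iptables"; load_rules ) | grep -c -- '-j DROP'
}

load_rules
```

Running the script as-is prints the rule list for review; rule order matters, since the Cm accepts and the ESTABLISHED,RELATED rule must come before the per-port DROPs.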

