> > Is it possible to map an internal IP so that all its outbound traffic
> > looks like it's coming from one of the aliased IP's (sic)
> > I wish to be able to set up some of my internal machines to have their own
> > "static" live IP instead of it looking like they are coming from the main
> > IP on eth0.
>
> I don't want to post to linux-router, ever again.
>
> Be that as it may, my first idea of static routes wouldn't work. They
> specify a destination, a remote IP/CIDR, and the nic the traffic goes
> out of. They don't specify the IP the traffic goes out of. Hmmm.
>
> Maybe this is what static nat can do. Anyone?

Yes, this is an application for static-NAT. There is support for this in the
default Dachstein scripts (via "pseudo" natX_ interfaces), primarily intended
for DMZ application. If you want to "roll your own", the basic commands are:

  ip route add nat $1 via $2

to NAT inbound traffic, and:

  ip rule add prio $PRIORITY from $2 nat $1

to NAT outbound traffic. $PRIORITY is an arbitrary priority number (must be
unique for multiple NAT rules), $1 is the public IP, and $2 is the private IP.

NOTE: When running static NAT, you must *NOT* assign the NAT'd public IP as an
alias IP to the external interface. Adding the NAT rules takes care of getting
the kernel to configure the TCP/IP stack to respond as if the NAT'd IP was
assigned to a local interface.

Of course, you'll also need appropriate firewall rules in place. I'd suggest
simply adding a DMZ network to a Dachstein firewall and using its built-in
ability to run a static-NAT DMZ, but you could use an IP in your internal
network as the destination...in this case, however, you're on your own for
firewall rules...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
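
The command pair from the reply above, generated for several mappings at once, as an added example that is not part of the original message or of the Dachstein scripts. The function name gen_static_nat, its arguments and all addresses are assumptions made for illustration; it only prints the commands, gives each rule a unique priority, and refuses a public IP that is already assigned to the external interface.

```shell
#!/bin/sh
# Added example: print the static-NAT command pair for each
# "public private" mapping read from stdin. Nothing is executed.
# gen_static_nat is a hypothetical helper, not a Dachstein function.
#
# usage: gen_static_nat BASE_PRIO "ASSIGNED_ADDRS" < mappings
#   BASE_PRIO       priority of the first rule; later rules get +1 each
#   ASSIGNED_ADDRS  space-separated IPs configured on the external
#                   interface (assumption: collected beforehand, e.g.
#                   from the output of `ip -4 -o addr show dev eth0`)
gen_static_nat() {
    prio=$1
    assigned=" $2 "
    seen=" "
    while read -r public private; do
        # skip blank lines and comments in the mapping list
        case $public in ''|'#'*) continue ;; esac
        if [ -z "$private" ]; then
            echo "error: no private IP given for $public" >&2
            return 1
        fi
        # the NAT'd public IP must not also be an alias on the interface
        case $assigned in *" $public "*)
            echo "error: $public is assigned to the external interface" >&2
            return 1 ;;
        esac
        # static NAT is one-to-one: reject reuse of either address
        case $seen in *" $public "*|*" $private "*)
            echo "error: $public or $private is mapped twice" >&2
            return 1 ;;
        esac
        seen="$seen$public $private "
        echo "ip route add nat $public via $private"
        echo "ip rule add prio $prio from $private nat $public"
        prio=$((prio + 1))
    done
}

# Constructed sample: two internal hosts; the external interface itself
# holds only 203.0.113.1 (documentation and private address ranges).
gen_static_nat 100 "203.0.113.1" <<'EOF'
# public       private
203.0.113.10   192.168.1.10
203.0.113.11   192.168.1.11
EOF
```

Review the printed commands before running them on the router; the firewall rules mentioned in the reply are still needed separately.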
