I share some of Jeff's uncertainty about what you are doing (the "vitals" from the SR FAQ really would help, as always), but my *guesses* about what you mean take me in a bit of a different direction.

When you say "My external interface,eth0, has two addresses" ... *how* did you do this? The usual way to put multiple IP addresses on a single NIC is to use a virtual interface, so you might have (using your fake numbers)

eth0 <--> 2.2.2.5
eth0:0 <--> 3.3.3.50

If this is what you did, then you should be able to insert an iptables rule something like this:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0:0 -j SNAT --to-source 3.3.3.50

Of course, this won't work if you assigned the multiple addresses to the NIC in a different way. That is why we need to know more about your setup.

BTW, you also say "I realize I could match on destination nets, but there are too many of them". What does the LEAF router's routing table look like (another SR FAQ detail ... that list of information really does serve a purpose)? Are all of these "too many" nets listed in it? If not, how do you route to them, even ignoring the NAT problem? (The eth0:0 approach above also requires that you have the routing table correct, so this question is relevant to that suggestion as well.)

At 08:18 AM 10/31/02 -0800, Jeff Newmiller wrote:
On Thu, 31 Oct 2002 [EMAIL PROTECTED] wrote:

> I can't figure out how to handle this:
>
> My external interface,eth0, has two addresses:
> (all addresses fake.)
>
> 2.2.2.5 - The true public address as seen by the Internet.
> 3.3.3.50 - An address on an intranet lan
>
> The default gateway is 2.2.2.1, the Cisco router ->T1->ISP
> The gateway for the intranet is 3.3.3.1
> On the intranet are many routers and many subnets.
>
> My internal interface, eth1, has a subnet of clients,
> 192.168.1.0/24, who want access to the internet and the intranet.
> They need to be NAT'ed.
>
> SO: to nat internet access:
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 2.2.2.5

I think that --to-source should be 3.3.3.50.

> But how do I NAT the traffic to the intranet so that it will have a source of
> 3.3.3.50?
> I realize I could match on destination nets, but there are too many of them.
> I realize I could put in another ethernet card for the intranet.
> But is there a way to solve it configured as is?
> Any way to match on gateway?

I am not sure I understand your further questions. If the above
suggestion does not work, perhaps you can explain why you want all these
other options? A network diagram may be helpful.

> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Perhaps you should review the SR FAQ to make sure you are providing us
enough information.



--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA [EMAIL PROTECTED]
-------------------------------------------------------------------------------
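The thread leaves two things open: the OP does not want to write one SNAT rule per intranet destination, and Ray asks whether those destinations are even in the LEAF router's routing table. As an added example (not from anyone in the thread), the script below derives destination-based SNAT rules from the routing table itself: every route whose gateway is the intranet router 3.3.3.1 gets a rule that rewrites the source to 3.3.3.50, and the OP's original catch-all rule for Internet traffic is appended last. The `ip route` listing is constructed sample data using the thread's fake addresses; the intranet prefixes in it are invented.

```python
import ipaddress

# Constructed sample of `ip route` output on the LEAF router (not from the thread).
# On a real box this text would come from running `ip route` and capturing stdout.
SAMPLE_ROUTES = """\
default via 2.2.2.1 dev eth0
2.2.2.0/24 dev eth0  proto kernel  scope link  src 2.2.2.5
3.3.3.0/24 dev eth0  proto kernel  scope link  src 3.3.3.50
10.10.0.0/16 via 3.3.3.1 dev eth0
10.20.0.0/16 via 3.3.3.1 dev eth0
172.16.5.0/24 via 3.3.3.1 dev eth0
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1
"""


def intranet_destinations(route_text, gateway, link_net):
    """Return the destination networks reached via `gateway`, plus the directly
    attached intranet link net itself, collapsed and sorted as prefix strings."""
    nets = [ipaddress.ip_network(link_net)]
    for line in route_text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue  # the default route points at the Internet, not the intranet
        if "via" in fields and fields[fields.index("via") + 1] == gateway:
            nets.append(ipaddress.ip_network(fields[0]))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def snat_rules(nets, src="192.168.1.0/24", dev="eth0",
               intranet_ip="3.3.3.50", public_ip="2.2.2.5"):
    """Build the POSTROUTING rules in the order they must be appended:
    destination-specific intranet rules first, generic Internet rule last."""
    rules = [
        f"iptables -t nat -A POSTROUTING -s {src} -d {net} -o {dev} "
        f"-j SNAT --to-source {intranet_ip}"
        for net in nets
    ]
    # Anything leaving eth0 that matched no intranet destination is Internet-bound.
    rules.append(f"iptables -t nat -A POSTROUTING -s {src} -o {dev} "
                 f"-j SNAT --to-source {public_ip}")
    return rules


if __name__ == "__main__":
    for rule in snat_rules(intranet_destinations(SAMPLE_ROUTES, "3.3.3.1", "3.3.3.0/24")):
        print(rule)
```

Because the rule order is what makes the catch-all safe, regenerate and reload the whole set whenever the intranet routing table changes rather than appending to a live chain.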

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html