Hi Ricardo !

        I haven't seen these NATs for a long time, but
I think that you've got the wrong idea about the way it works.

On Wed, 20 Jan 1999, Ricardo Calixto Quesada wrote:

> Sorry if this was asked before (I'm new to the list).
> I was playing with the Fast Network Address Translation (NAT) that came
> with the kernel,
> but after several tries I only found a way to translate addresses by
> source (but not by destination).
> 
> That is,  if I told the NAT to:
> 
>     ip rule add from 192.168.1.10 nat 200.9.9.4
> and
>     ip route add nat 200.9.9.4 via 200.9.9.1
> 
> That behaves OK. The addresses which are from 192.168.1.10 are translated
> to 200.9.9.4 using 200.9.9.1 as a gateway.

The goal you want to achieve can be implemented
by the following steps:

ip rule add from 192.168.1.10 nat 200.9.9.4 table 10

--this line will tell the kernel to substitute in the packet
coming from 192.168.1.10 its source address with 200.9.9.4
and then route it according to the table 10 (or whatever
not used before). Then we say something like

ip route add 0.0.0.0/0 via 200.9.9.1 table 10 

--you can put more local routes there, but if 200.9.9.1 is
the gateway for all your nets, then you'd better use table
"default" instead of 10, and don't issue the second command
as long as you already have a correct default table.

For the incoming packet (the "answer") you should translate the
destination address. So you type

ip route add nat 200.9.9.4 via 192.168.1.10 table local

---a packet with destination address 200.9.9.4 will be rewritten
to address 192.168.1.10 and then routed according to the
other tables (table local has preference 0 and is
being checked first).

Hope that I somehow clarified the situation.

Actually NAT can bring you problems; in common cases you'd
better use masquerading. Shitty protocols like MS NetMeeting
seem to be sending ip# information within udp packets and
thus cannot be NATed. But maybe I am wrong here.

                                best wishes, Timur.


-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
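
Added example, not part of the original message: a simplified Python model of the stateless translation described in the reply, built from its three commands. The Packet class, the remote address 198.51.100.7, the sample payload and the assumption that the inner host is directly connected are constructed for illustration; the last function shows why an address carried inside the payload survives translation.

```python
# Simplified model of the stateless NAT path; not kernel code.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes = b""

# ip rule add from 192.168.1.10 nat 200.9.9.4 table 10
RULES = [{"from": "192.168.1.10", "nat": "200.9.9.4", "table": "10"}]
# ip route add 0.0.0.0/0 via 200.9.9.1 table 10
# ip route add nat 200.9.9.4 via 192.168.1.10 table local
TABLES = {
    "10": [{"dst": "0.0.0.0/0", "via": "200.9.9.1"}],
    "local": [{"dst": "200.9.9.4/32", "nat_to": "192.168.1.10"}],
}

def lookup(table, addr):
    """Longest-prefix match of addr in one routing table, or None."""
    hits = [r for r in TABLES[table] if ip_address(addr) in ip_network(r["dst"])]
    return max(hits, key=lambda r: ip_network(r["dst"]).prefixlen, default=None)

def forward(pkt):
    """Return (translated packet, next hop) for one packet; no state is kept."""
    # Table local is checked first: a nat route rewrites the destination.
    route = lookup("local", pkt.dst)
    if route:
        pkt = replace(pkt, dst=route["nat_to"])
        # Assumption: the inner host is directly connected, so it is the next hop.
        return pkt, pkt.dst
    # Then the rules: a matching "from ... nat" rule rewrites the source
    # and selects the table used to route the packet.
    for rule in RULES:
        if pkt.src == rule["from"]:
            pkt = replace(pkt, src=rule["nat"])
            return pkt, lookup(rule["table"], pkt.dst)["via"]
    return pkt, None  # no translation applies in this model

def leaked_addresses(pkt, inner=("192.168.1.10",)):
    """Inner addresses still present in the payload after translation.

    Only the IP header is rewritten, so a protocol that embeds its own
    address in the data keeps announcing the untranslated one.
    """
    return [a for a in inner if a.encode() in pkt.payload]
```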
