AW: Redirecting packets

Fri, 12 Apr 2002 10:12:50 -0700 


Hi

Please correct me if I'm wrong. But what you describe sound incredible to
me. 

i'm not sure whether I got you right. As much as I understood you have this:

        Inet (public IP - controlled by isp)
        10.0.40.x/32 (ISP owned; NAT)
            |
              |
        10.0.40.30/32 (ISP owned; NAT)
      192.168.1.x/32   NAT 
            |
              |
        192.168.1.0/24  LAN

and you want to have this:



          internet
                |
        your.public subnet (NAT; IP owned by you)
                |
 isp sets up a route to your public subnet
              |
        10.0.40.30/32    NAT (IP owned by ISP)
      192.168.1.x/32   NAT 
            |
              |
        192.168.1.0/24  LAN

So your ISP routes your 10.0.40.30 address directly into the internet.
Hmmm...weird technique. I don't get it. 

Can you please draw that?

Philipp

> -----Urspr�ngliche Nachricht-----
> Von: Oscar Valdez [mailto:[EMAIL PROTECTED]]
> Gesendet: Freitag, 12. April 2002 19:07
> An: [EMAIL PROTECTED]
> Betreff: Redirecting packets
> 
> 
> I have a dual-homed Iptables box.
> 
> Both interfaces are using "reserved" ip addresses: eth0 faces 
> my LAN, and uses
> address 192.168.1.1/24, and eth1 faces my ISP�s cable WAN, 
> and uses address
> 10.40.0.30/21.
> 
> My Iptables box source NATs  my LAN�s 192.168.1.0/24 packets 
> to the 10.40.0.30
> address. The ISP then source NATs all 10.40.0.0/21 packets 
> (including mine) to a
> public (non-reserved) ip address, connected to the Internet.
> 
> I recently registered my own public (non-reserved) ip 
> addresses, and my ISP has
> added a route to those addresses, routing them over to my 
> 10.40.0.30 address.
> 
> What I would like to do is to have packets addressed to my 
> public ip addresses
> NAT�ed to the Iptables box, either to address 192.168.1.1 or 
> to 10.40.0.30.
> 
> I�ve tried three alternatives, all of which have failed:
> 
> 1) # ip route add nat <pubklic addresses> via 192.168.1.1
> 
> 2) on iptables� PREROUTING chain, DNAT --to 192.168.1.1
> 
> 3) on same table, REDIRECT --to 192.168.1.1
> 
> Any suggestions?
> 
> 
> Oscar A. Valdez
> 
> -----------------------------------------------------------
> Hoc est autem iudicium: Lux venit in mundum, et dilexerunt
> homines magis tenebras quam lucem; erant enim eorum mala
> opera. Omnis enim, qui mala agit, odit lucem et non venit
> ad lucem, ut non arguantur opera eius; qui autem facit
> veritatem, venit ad lucem, ut manifestentur eius opera,
> quia in Deo sunt facta.
> Io. 3,19-21
> -----------------------------------------------------------
> 
>

Reply via email to