Thank you for your responses and for your drawing, Philipp.
This is the current setup:
Internet
|
|
63.101.129.70 (public IP - controlled by isp)
10.0.40.1/21 (ISP owned; NAT)
|
|
10.0.40.30/21 (ISP owned; NAT)
192.168.1.1/32 NAT
|
|
192.168.1.0/32 LAN
As for my block of public ip addresses (it�s block 168.243.206.8/29, BTW), they
are being routed by the ISP over to my 10.0.40.30 address. If you traceroute to
168.243.206.9 (one of my addresses), you�ll see packets reaching 63.101.129.70,
which is the ISP�s NATting box, or router. The ISP has added routes for my
address block, routing them over to address 10.0.40.30 (my external interface).
What I�d like to do is to redirect packets received at 10.0.40.30 and addressed
to the 168.243.206.8/29 block to one of my private addresses.
I hope this clarifies my original post.
And thanks for your interest.
Oscar
----- Original Message -----
From: "Jason Pappas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "'Oscar Valdez'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Friday, April 12, 2002 11:40 AM
Subject: Re: Redirecting packets
If you registered your own block of PUBLIC IP addresses, NAT is not the
solution to get the addresses "visable" on the internet. The problem is
that people on the internet do not know how to get to you.
YOu must set up routing so that people on the internet know how to get to
you. This is non-local (not you linux box) routing. Normally this is done
via BGP. Simple routing rules and NAT entries on your linux box won't let
your new registered address be visible on the internet
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "'Oscar Valdez'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Friday, April 12, 2002 1:31 PM
Subject: AW: Redirecting packets
>
> Hi
>
> Please correct me if I'm wrong. But what you describe sound incredible to
> me.
>
> i'm not sure whether I got you right. As much as I understood you have
this:
>
> Inet (public IP - controlled by isp)
> 10.0.40.x/32 (ISP owned; NAT)
> |
> |
> 10.0.40.30/32 (ISP owned; NAT)
> 192.168.1.x/32 NAT
> |
> |
> 192.168.1.0/24 LAN
>
> and you want to have this:
>
>
>
> internet
> |
> your.public subnet (NAT; IP owned by you)
> |
> isp sets up a route to your public subnet
> |
> 10.0.40.30/32 NAT (IP owned by ISP)
> 192.168.1.x/32 NAT
> |
> |
> 192.168.1.0/24 LAN
>
> So your ISP routes your 10.0.40.30 address directly into the internet.
> Hmmm...weird technique. I don't get it.
>
> Can you please draw that?
>
> Philipp
>
> > -----Urspr�ngliche Nachricht-----
> > Von: Oscar Valdez [mailto:[EMAIL PROTECTED]]
> > Gesendet: Freitag, 12. April 2002 19:07
> > An: [EMAIL PROTECTED]
> > Betreff: Redirecting packets
> >
> >
> > I have a dual-homed Iptables box.
> >
> > Both interfaces are using "reserved" ip addresses: eth0 faces
> > my LAN, and uses
> > address 192.168.1.1/24, and eth1 faces my ISP�s cable WAN,
> > and uses address
> > 10.40.0.30/21.
> >
> > My Iptables box source NATs my LAN�s 192.168.1.0/24 packets
> > to the 10.40.0.30
> > address. The ISP then source NATs all 10.40.0.0/21 packets
> > (including mine) to a
> > public (non-reserved) ip address, connected to the Internet.
> >
> > I recently registered my own public (non-reserved) ip
> > addresses, and my ISP has
> > added a route to those addresses, routing them over to my
> > 10.40.0.30 address.
> >
> > What I would like to do is to have packets addressed to my
> > public ip addresses
> > NAT�ed to the Iptables box, either to address 192.168.1.1 or
> > to 10.40.0.30.
> >
> > I�ve tried three alternatives, all of which have failed:
> >
> > 1) # ip route add nat <pubklic addresses> via 192.168.1.1
> >
> > 2) on iptables� PREROUTING chain, DNAT --to 192.168.1.1
> >
> > 3) on same table, REDIRECT --to 192.168.1.1
> >
> > Any suggestions?
> >
> >
> > Oscar A. Valdez
> >
> > -----------------------------------------------------------
> > Hoc est autem iudicium: Lux venit in mundum, et dilexerunt
> > homines magis tenebras quam lucem; erant enim eorum mala
> > opera. Omnis enim, qui mala agit, odit lucem et non venit
> > ad lucem, ut non arguantur opera eius; qui autem facit
> > veritatem, venit ad lucem, ut manifestentur eius opera,
> > quia in Deo sunt facta.
> > Io. 3,19-21
> > -----------------------------------------------------------
> >
> >
>
>
