On Fri, Apr 12, 2002 at 12:09:23PM -0600, Oscar Valdez wrote:

> Thank you for your responses and for your drawing, Philipp.
> 
> This is the current setup:
> 
> Internet
>       |
>       |
> 63.101.129.70 (public IP - controlled by isp)
> 10.0.40.1/21 (ISP owned; NAT)
>       |
>       |
> 10.0.40.30/21 (ISP owned; NAT)
> 192.168.1.1/32   NAT
>       |
>       |
> 192.168.1.0/32  LAN

What do you mean by "192.168.1.0/32  LAN"? Hope it's a typo,
otherwise read the Networking Mini-HowTo first.

> 
> As for my block of public ip addresses (it's block 168.243.206.8/29, BTW), they
> are being routed by the ISP over to my 10.0.40.30 address. If you traceroute to
> 168.243.206.9 (one of my addresses), you'll see packets reaching 63.101.129.70,
> which is the ISP's NATting box, or router. The ISP has added routes for my
> address block, routing them over to address 10.0.40.30 (my external interface).
> 
> What I'd like to do is to redirect packets received at 10.0.40.30 and addressed
> to the 168.243.206.8/29 block to one of my private addresses.

OK. It seems reasonable. What you do is:

1) DNAT the NEW packets coming in from your ISP in PREROUTING.
2) SNAT the NEW packets going out from your LAN in POSTROUTING.

Actually, I believe that you don't have to use those IPs on any
interface as long as the NAT is done properly on your gateway.
However, you might need some helpers for certain protocols, like
irc and ftp and for some protocols like AH you might end up with
no solution. But I don't believe you have a problem with that as
your current access is an ISP-NAT access anyway.

Another way of doing this is to implement the /29 on your LAN side and
bypass the NAT which gives you much more ability for all the protocols.

For further instruction as to HowTo [SD]NAT see the documentation.

Ramin

> 
> I hope this clarifies my original post.
> 
> And thanks for your interest.
> 
> Oscar
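
The two steps from the reply above (DNAT in PREROUTING, SNAT in POSTROUTING), written out as an added example that is not part of the original thread. The interface name eth0 and the public-to-private pairs are assumptions; the script prints the rules unless APPLY=1 is set, and refuses addresses outside the routed /29.

```sh
#!/bin/sh
# Added example: 1:1 NAT for the routed block 168.243.206.8/29 on the gateway.
# Assumptions (not from the thread): eth0 is the interface holding 10.0.40.30,
# and the public=private pairs in MAP are constructed sample values.
EXT_IF=eth0
MAP="168.243.206.9=192.168.1.9
168.243.206.10=192.168.1.10"

# Print a command by default; execute it only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Succeed only for addresses inside 168.243.206.8/29 (last octet 8..15).
in_block() {
    case "$1" in
        168.243.206.*) last="${1#168.243.206.}" ;;
        *) return 1 ;;
    esac
    case "$last" in ''|*[!0-9]*) return 1 ;; esac
    [ "$last" -ge 8 ] && [ "$last" -le 15 ]
}

nat_rules() {
    echo "$MAP" | while IFS='=' read -r pub priv; do
        [ -n "$pub" ] && [ -n "$priv" ] || continue
        if ! in_block "$pub"; then
            echo "skipping $pub: not in 168.243.206.8/29" >&2
            continue
        fi
        # 1) Inbound from the ISP: rewrite the destination before routing.
        #    The nat table is consulted only for a connection's first packet.
        run iptables -t nat -A PREROUTING -i "$EXT_IF" -d "$pub" \
            -j DNAT --to-destination "$priv"
        # 2) Outbound from the LAN host: leave with its matching public address.
        run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$priv" \
            -j SNAT --to-source "$pub"
    done
}

nat_rules
```

Translated packets still traverse the filter table's FORWARD chain, so that is where to limit which ports on each private host are reachable.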
