On Friday 19 April 2002 6:08 am, [EMAIL PROTECTED] wrote:
> ----- Original Message -----
> From: Donald Thompson <[EMAIL PROTECTED]>
>
> > iptables -t nat -A PREROUTING -d 4.3.2.2 -j DNAT --to-destination
> > 192.168.0.2
>
> this line is OK.
>
> > I've sort of convinced myself that it's either got something to do with
> > using the same switch for both networks, or that I've got both
> > internal and external IPs on the same physical interface.
>
> I think the same. It could be because of the relation of MAC addresses
> and IPs, ARP/RARP.
I don't agree. So long as the internal clients have a default route which tells them to go via 192.168.0.1 to get to the Internet, they should be able to send packets out to external servers (provided the firewall masquerades those packets on the way out of the public address on the interface, of course). Incoming packets from the router connected to the Internet will have the firewall on 4.3.2.1 as the route to get to the internal machines, therefore packets in this direction should work too. ARP doesn't care if two IP addresses map to the same MAC address.

Antony.
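As an added illustration (not part of Antony's reply or of anything else in the thread), here is a small Python model of the stateful translation he describes: DNAT of packets arriving for 4.3.2.2 to 192.168.0.2, masquerading of outbound packets from 192.168.0.0/24 behind the firewall's public address 4.3.2.1, and a conntrack-style table that reverses both on the replies. The external client address 198.51.100.7 and all port numbers are constructed for the example. The model tracks addresses only, with no notion of interfaces, switches or MACs, which is exactly the point being made: the NAT and routing decisions are taken on IP addresses, so a shared switch or two IPs on one MAC does not enter into them. Real MASQUERADE may also rewrite the source port on collision; this model keeps it unchanged.

```python
"""Toy stateful NAT gateway modelling the thread's topology.

Added example, not netfilter code.  Addresses 4.3.2.1, 4.3.2.2, 192.168.0.1
and 192.168.0.2 come from the thread; 198.51.100.7 and the ports are
constructed sample values.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

PUBLIC_ADDR = "4.3.2.1"                 # firewall's public address (from the thread)
INTERNAL_NET = ip_network("192.168.0.0/24")
# Equivalent of:
#   iptables -t nat -A PREROUTING -d 4.3.2.2 -j DNAT --to-destination 192.168.0.2
DNAT_MAP = {"4.3.2.2": "192.168.0.2"}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatGateway:
    """DNAT in PREROUTING, MASQUERADE in POSTROUTING, plus a conntrack-style
    table so that replies in either direction are translated back."""

    def __init__(self):
        # Keys are the 4-tuple of the packet as it appears on the translated
        # side; values are the address to restore when the reply comes back.
        self._dnat_replies = {}   # (internal host, dport, ext src, sport) -> public addr
        self._snat_replies = {}   # (PUBLIC_ADDR, sport, ext dst, dport) -> internal src

    def from_internet(self, pkt):
        """Packet arriving on the public side of the firewall."""
        # 1. Reply to a masqueraded connection: undo the source NAT.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self._snat_replies:
            return replace(pkt, dst=self._snat_replies[key])
        # 2. New inbound connection to a published address: DNAT it.
        if pkt.dst in DNAT_MAP:
            internal = DNAT_MAP[pkt.dst]
            self._dnat_replies[(internal, pkt.dport, pkt.src, pkt.sport)] = pkt.dst
            return replace(pkt, dst=internal)
        return pkt

    def from_lan(self, pkt):
        """Packet arriving from an internal host, headed for the Internet."""
        # 1. Reply from a DNATed server: restore the public address as source.
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self._dnat_replies:
            return replace(pkt, src=self._dnat_replies[key])
        # 2. New outbound connection: MASQUERADE behind the public interface.
        if ip_address(pkt.src) in INTERNAL_NET:
            self._snat_replies[(PUBLIC_ADDR, pkt.sport, pkt.dst, pkt.dport)] = pkt.src
            return replace(pkt, src=PUBLIC_ADDR)
        return pkt


def demo_inbound():
    """Internet client 198.51.100.7:40000 (constructed) -> published 4.3.2.2:80."""
    gw = NatGateway()
    request = gw.from_internet(Packet("198.51.100.7", 40000, "4.3.2.2", 80))
    # The server answers from its private address; the gateway rewrites it back.
    reply = gw.from_lan(Packet("192.168.0.2", 80, "198.51.100.7", 40000))
    return request, reply


def demo_outbound():
    """Internal host 192.168.0.3:50000 (constructed) -> external 198.51.100.7:80."""
    gw = NatGateway()
    request = gw.from_lan(Packet("192.168.0.3", 50000, "198.51.100.7", 80))
    # The reply comes back addressed to 4.3.2.1; the gateway restores the host.
    reply = gw.from_internet(Packet("198.51.100.7", 80, "4.3.2.1", 50000))
    return request, reply


if __name__ == "__main__":
    for label, (req, rep) in (("inbound", demo_inbound()), ("outbound", demo_outbound())):
        print(f"{label}: request after NAT {req}")
        print(f"{label}: reply   after NAT {rep}")
```

Running the script shows the inbound request leaving the firewall with destination 192.168.0.2 and the server's reply leaving with source 4.3.2.2, while the outbound request leaves with source 4.3.2.1 and its reply is delivered to 192.168.0.3. If either direction fails on a real box, the thing to verify is the rule that the model assumes but the quoted configuration does not show: a POSTROUTING MASQUERADE (or SNAT) rule for 192.168.0.0/24, together with the clients' default route via 192.168.0.1.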
