I've got a basic NAT setup:

  internet
     |
+====+=====+ eth0: 1.2.3.4
| firewall |
+====+=====+ eth1: 10.0.0.1
     |
+====+=====+ eth0: 10.0.0.2
|  server  |
+==========+


What I would like is for packets coming from the server (10.0.0.2) to get
SNAT'd to the firewall's IP address, 1.2.3.4. It seems easy enough to do:

iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.2 -j SNAT --to 1.2.3.4

But now I don't see how return packets are going to make it back to my
server, because the firewall is going to think they are destined for it.
If I add the rule:

iptables -t nat -A PREROUTING -d 1.2.3.4 -i ! eth0 -j DNAT --to 10.0.0.2

Then it seems I lose the ability for the firewall to run anything
accessible to the outside world, like ssh.


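Added example (not from the original post): a complete rule set for the topology in the post, in iptables-restore format, plus the sysctl that turns on forwarding. It keeps the poster's SNAT rule and relies on connection tracking for the return path: Netfilter records the translation when the first packet of a flow is SNAT'd and reverses it on every reply, so no PREROUTING DNAT is needed, and packets for the firewall's own services (ssh on 1.2.3.4) still go to INPUT as before. Interface names and addresses come from the diagram above; the conntrack match module and a root shell with iptables-restore are assumed.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Topology assumed from the post: eth0 = 1.2.3.4 (outside),
# eth1 = 10.0.0.1 (inside), server = 10.0.0.2.
WAN_IF=eth0
WAN_IP=1.2.3.4
LAN_IF=eth1
SERVER=10.0.0.2

# Emit the whole rule set in iptables-restore format. Only the SNAT rule
# is needed for the return path: conntrack stores the mapping for each
# flow and un-translates replies, so there is no DNAT rule here and the
# firewall's own listeners (e.g. sshd on 1.2.3.4) keep working.
ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $SERVER -j SNAT --to-source $WAN_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $SERVER -j ACCEPT
COMMIT
EOF
}

# Print just the SNAT rule, handy for checking the generated set.
snat_rule() {
    ruleset | grep -- '-j SNAT'
}

# Load the rules atomically and enable IPv4 forwarding (root required).
apply_ruleset() {
    ruleset | iptables-restore
    sysctl -w net.ipv4.ip_forward=1
}

case "${1:-}" in
    --apply) apply_ruleset ;;
    *) ruleset ;;
esac
```

Run it with no arguments to review the generated rules, and with `--apply` on the firewall to load them. The FORWARD policy is DROP, so only the server's outbound flows and their replies cross the box; add explicit FORWARD rules for anything else that should pass.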