rnat with multiple aliases on external interface

Eric Limpens Eric@limpens.net
Thu, 18 Nov 1999 17:42:23 +0100


To be to the point:

 firewall has 2 interfaces:
 I've got several (~ 8 to 20) ip addresses configured to an interface,
which is connected to the internet.
 Other interface is connected to a switch, with multiple servers, all
 dedicated to 1 single task (either http, or smtp etc)

 the problem:

 say, external interface has the following addresses: 

 and internal,, and
  when one connects to port 80 of the, the connection
  should be dropped, but when one connects to port 80 of,
  the machine on should get the connection, on its port 80.


  say, you would use your ip address, to go to port 80,
  the machine at thinks it has an incoming connection from the

 Is this possible? I do get the masquerading from the 'inside' working,
 all machines behind the firewall can communicate with hardware on the internet,
 but it appears that I'm doing something wrong for the rest...

 When I have this running:
 masquerade [SRC]>194.109.xx.xx/32 proto=6 dstpt=80 TO: 
 masquerade [SRC]> TO:       

 it doesn't quite do the trick, I can't access the apache service on port 80..
  (xx to protect the innocent)

 Perhaps this kind of thing isn't possible, but when it is, could
 someone be kind and show me some pointers? The howto's don't list this
 kind of thing..


Eric Limpens                                            Eric@Limpens.net

   Linux seems to be the real thing now, it's got the support -CNN.com