rnat with multiple aliases on external interface

Eric Limpens Eric@limpens.net
Thu, 18 Nov 1999 17:42:23 +0100


Hi..

To get to the point:

 The firewall has 2 interfaces:
 I've got several (~ 8 to 20) IP addresses configured on an interface,
 which is connected to the internet.
 The other interface is connected to a switch, with multiple servers, all
 dedicated to 1 single task (either http, or smtp etc.)

 the problem:

 say, external interface has the following addresses:
 194.109.1.110
 194.109.1.25
 194.109.1.80
 194.109.1.21 

 and internal 10.0.0.110, 10.0.0.25, 10.0.0.21 and 10.0.0.80
           
  when one connects to port 80 of the 194.109.1.110, the connection
  should be dropped, but when one connects to port 80 of 194.109.1.80,
  the machine on 10.0.0.80 should get the connection, on its port 80.

 so:

  say, you would use your 16.16.16.16 ip address, to go to 194.109.1.80 port 80,
  the machine at 194.109.1.80 thinks it has an incoming connection from the
  address 16.16.16.16

 Is this possible? I do get the masquerading from the 'inside' working,
 all machines behind the firewall can communicate with hardware on the internet,
 but it appears that I'm doing something wrong for the rest...

 When I have this running:
 masquerade [SRC] 0.0.0.0/0->194.109.xx.xx/32 proto=6 dstpt=80 TO:192.168.10.2 
 masquerade [SRC] 192.168.10.0/24->0.0.0.0/0 TO:       

 it doesn't quite do the trick, I can't access the apache service on
192.168.10.2 port 80..
  (xx to protect the innocent)

 Perhaps this kind of thing isn't possible, but if it is, could
 someone be kind and show me some pointers? The HOWTOs don't list this
 kind of thing..

 Thanks

--
-------------------------------------------------------------------------
Eric Limpens                                            Eric@Limpens.net

   Linux seems to be the real thing now, it's got the support -CNN.com