Wed, 28 Jun 2000 08:54:57 -0500
I ended up using IP aliases to fix it and it works fine.
A note about this should probably be added to the HOWTO under section
6.1 Source NAT.
Thanks again to everyone for their help.
From: Rusty Russell [mailto:firstname.lastname@example.org]
Sent: Wednesday, June 28, 2000 1:40 AM
Cc: Multiple recipients of list NETFILTER
Subject: Re: Arp problem
In message <2175AA14AAC7D31186370080AD3ADF0D030B27@EXCHANGE> you write:
> I checked the HOWTO's and mailing list, but couldn't find an answer.
> Sorry if this is a re-hash of an old problem.
> I am running linux-2.4.0-test2 and iptables-1.1.0 on a fresh RedHat
> install. I'm trying to do Source NAT for a range of IP addresses and
> can't get it to work for addresses not set up on the system. In the
> I have this set up
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -s <internal network>/24
> -j SNAT --to <EXT_IP1>-<EXT_IPn>
> eth0 is EXT_IP1. IP's 2 through n are unused on the network. I send
> pings from a test host on the inside to a test host on the outside.
> The outside host sees the echo requests with the correct source addresses,
> does an arp_who_has for the source IP, but only gets a response from
> the firewall for EXT_IP1. The firewall doesn't do arp replies for the
> SNAT'ed addresses.
You need to convince everyone to route those addresses to you. In
your case this means proxy arp, or adding those interfaces as aliases.
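
The two fixes named in the reply above (aliases or proxy ARP for every address in the SNAT range), as an added example that is not part of the original thread. It uses the iproute2 `ip` command; the 192.0.2.x addresses, the `eth0` device and the /24 prefix are constructed assumptions, and `snat_arp_cmds` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed (192.0.2.0/24
# documentation range); eth0 and the /24 prefix are assumptions.

# Dotted quad -> integer; fails on anything that is not four octets 0-255.
ip2int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# snat_arp_cmds MODE DEV PRIMARY FIRST LAST [PREFIX]
# Prints (does not run) one command per address in FIRST..LAST so that the
# firewall answers ARP for it. PRIMARY is skipped: it is already on DEV.
#   MODE=alias -> add the address to DEV as a secondary address
#   MODE=proxy -> publish a proxy-ARP neighbour entry on DEV
snat_arp_cmds() {
    mode=$1 dev=$2 primary=$3 prefix=${6:-24}
    start=$(ip2int "$4") && end=$(ip2int "$5") || { echo "bad address" >&2; return 1; }
    [ "$start" -le "$end" ] || { echo "range is reversed" >&2; return 1; }
    i=$start
    while [ "$i" -le "$end" ]; do
        addr=$(int2ip "$i"); i=$((i + 1))
        [ "$addr" = "$primary" ] && continue
        case $mode in
            alias) echo "ip addr add $addr/$prefix dev $dev" ;;
            proxy) echo "ip neigh add proxy $addr dev $dev" ;;
            *) echo "unknown mode: $mode" >&2; return 1 ;;
        esac
    done
}

# Review the output, then pipe it to sh as root to apply it.
snat_arp_cmds alias eth0 192.0.2.10 192.0.2.10 192.0.2.13
```

The range passed here should match the `--to` range of the SNAT rule, so that no translated source address is left without an ARP responder.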