Dual Overlapping NAT

jbackman@telcordia.com
Thu, 31 Jan 2002 14:30:46 GMT

Won't I have a problem with the routing since the destination NAT is 
performed before the routing decision? 

Justin Backman 

Doug VanLeuven writes: 

> jbackman@telcordia.com wrote:
>> 
>> Help... 
>> 
>> I have a most difficult but interesting situation for which I would like to
>> use iptables NAT. I have a client who has recently bought another company
>> which has an internal IP numbering scheme which completely overlaps with
>> their existing numbering scheme. Instead of renumbering, the client would
>> like to do the following: 
>> 
>> Company 1 <----> Router1 <----> Linux NAT <----> Router2 <----> Company 2 
>> 
>> Company 1 and Company 2 both have addresses in the 10.0.0.0 address space
>> The router interfaces are 10.0.1.1 on the internal interfaces of Router1 and
>> Router2
>> 192.168.10.1 on the external interface of Router1
>> 192.168.10.254 on the Linux NAT interface facing Router1
>> 192.168.100.254 on the Linux NAT interface facing Router2
>> 192.168.100.1 on the external interface of Router2 
>> 
>> Could someone please assist in creating an iptables rule-set that will
>> facilitate this configuration? 
>> 
>> Justin Backman
> 
> Invent the ranges Company 1 is going to see company 2 as, like 172.16.129.x
> Invent the ranges Company 2 is going to see company 1 as, like 172.16.1.x
> Left to right - incoming 192.168.10.254
> Source nat C1-10.x.x.x to 172.16.1.x Dest nat 172.16.129.x to 10.x.x.x
> Right to left - incoming 192.168.100.254
> Source nat C2-10.x.x.x to 172.16.129.x Dest nat 172.16.1.x to 10.x.x.x 
> 
> routing on linux nat box
> route 172.16.1.0/24 via 192.168.10.1
> route 172.16.129.0/24 via 192.168.100.1 
> 
> I'd pick numbers other than 10.x.x.x for the mapped ranges if I wanted to
> keep my sanity.
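The following script is an added example written for this thread, not a rule set posted by either participant. It turns the plan above (alias ranges 172.16.1.0/24 and 172.16.129.0/24, the two router addresses) into iptables NETMAP rules and, because destination NAT in PREROUTING does run before the routing decision, a policy-routing step: once the alias has been translated back, the forwarding lookup sees a 10.0.0.x destination on both paths and the main table cannot tell Company 1 from Company 2, so a per-ingress-interface rule table chooses the next hop. Assumptions not in the thread: both sites use 10.0.0.0/24 (NETMAP needs equal-sized prefixes, so a larger site means widening the alias prefixes too), eth0 faces Router1 and eth1 faces Router2, the kernel has the NETMAP target, and routing tables 100 and 101 are free. The functions only print the commands so the plan can be checked first; pipe the output to sh to apply it.

```shell
#!/bin/sh
# Added example: 1:1 NAT between two sites that both use 10.0.0.0/24.
# Interface names, the /24 prefix and the table numbers are assumptions.

C1_IF=eth0                      # faces Router1 (this side is 192.168.10.254)
C2_IF=eth1                      # faces Router2 (this side is 192.168.100.254)
R1=192.168.10.1                 # Router1 external interface, from the thread
R2=192.168.100.1                # Router2 external interface, from the thread
REAL=10.0.0.0/24                # space used at both sites (assumed /24)
C1_AS_SEEN_BY_C2=172.16.1.0/24  # alias for Company 1, as suggested above
C2_AS_SEEN_BY_C1=172.16.129.0/24 # alias for Company 2, as suggested above
T_TO_C2=100                     # routing table for traffic entering from C1
T_TO_C1=101                     # routing table for traffic entering from C2

# Print a command instead of running it; "... | sh" applies the plan.
emit() { printf '%s\n' "$*"; }

# NETMAP maps a prefix onto a prefix of the same length; reject anything else.
same_size() { [ "${1#*/}" = "${2#*/}" ]; }
check_plan() {
  same_size "$REAL" "$C1_AS_SEEN_BY_C2" && same_size "$REAL" "$C2_AS_SEEN_BY_C1"
}

nat_rules() {
  emit "sysctl -w net.ipv4.ip_forward=1"
  # Company 1 -> Company 2: unmap the alias before routing, then hide the
  # real C1 source behind its alias on the way out. Replies are reversed
  # by conntrack, so no rules are needed for the return direction.
  emit "iptables -t nat -A PREROUTING  -i $C1_IF -d $C2_AS_SEEN_BY_C1 -j NETMAP --to $REAL"
  emit "iptables -t nat -A POSTROUTING -o $C2_IF -s $REAL -j NETMAP --to $C1_AS_SEEN_BY_C2"
  # Company 2 -> Company 1: the mirror image.
  emit "iptables -t nat -A PREROUTING  -i $C2_IF -d $C1_AS_SEEN_BY_C2 -j NETMAP --to $REAL"
  emit "iptables -t nat -A POSTROUTING -o $C1_IF -s $REAL -j NETMAP --to $C2_AS_SEEN_BY_C1"
  # Only forward what the NAT rules account for.
  emit "iptables -A FORWARD -i $C1_IF -o $C2_IF -s $REAL -d $REAL -j ACCEPT"
  emit "iptables -A FORWARD -i $C2_IF -o $C1_IF -s $REAL -d $REAL -j ACCEPT"
  emit "iptables -A FORWARD -j DROP"
}

policy_routing() {
  # After PREROUTING the destination is 10.0.0.x whichever way the packet
  # is going, so the next hop must come from the ingress interface.
  emit "ip route add $REAL via $R2 table $T_TO_C2"
  emit "ip route add $REAL via $R1 table $T_TO_C1"
  emit "ip rule add iif $C1_IF lookup $T_TO_C2"
  emit "ip rule add iif $C2_IF lookup $T_TO_C1"
  # Main-table routes for the alias ranges (as in the reply) serve the NAT
  # box's own traffic; forwarded traffic never reaches the main table.
  emit "ip route add $C1_AS_SEEN_BY_C2 via $R1"
  emit "ip route add $C2_AS_SEEN_BY_C1 via $R2"
}

verify_cmds() {
  # Commands to confirm the live state once applied.
  emit "iptables -t nat -L -n -v"
  emit "ip rule show"
  emit "ip route show table $T_TO_C2"
  emit "ip route show table $T_TO_C1"
}

check_plan || { echo "alias prefixes must match $REAL in size" >&2; exit 1; }
nat_rules
policy_routing
verify_cmds
```

The FORWARD rules are deliberately narrow: after PREROUTING, both source and destination of any legitimate cross-site packet fall inside 10.0.0.0/24, so anything else traversing the box is dropped. Widening REAL and both alias prefixes together (for example to /16) is the only change needed for larger sites.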