Static Internal to public IP mapping, and ARP difficulties
Nick Drage
nickd at metastasis.org.uk
Tue Sep 21 14:12:47 CEST 2004
On Sun, Sep 19, 2004 at 06:56:50PM +0000, Michael Barry wrote:
> Sorry for the DUPE, but I forgot a subject line in my last message. I am
> sort of frazzled trying to figure this out.
Bah, by the looks of it it's only early evening in your local time, wait
until after midnight :)
> I have a bunch of public IP addresses, for example, in the range
> 192.168.1.100-192.168.1.104.
>
> I have 5 computers on my internal network statically defined from
> 192.168.0.100-192.168.0.104.
>
> I am trying to create a rule where each computer will always map to the
> same public ip address. For example I did: iptables -t nat -s
> 192.168.0.100 -j SNAT --to-source 192.168.1.100.
>
> The problem is if I try to do a ping from 192.168.0.100 it correctly
> gets translated to 192.168.1.100 and the ping goes out, but when the
> reply comes back there is an ARP request for WHO-HAS 192.168.1.100, and
> since no-one technically holds this address no reply is ever sent, and
> the ping reply gets dropped. Does anyone know a solution to this
> problem?
Yes, the best explanation is from the ubiquitous Jason Opperisano:
http://msgs.securepoint.com/cgi-bin/get/netfilter-0409/31/1.html
Use "ip addr" to set up the alias on your Internet facing interface, as
you're getting the arp requests it looks like everything else - i.e.
routing, is already set up. So once the aliases are in this *should*
work...
--
mors omnia vincit
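
The fix described in the reply above, as an added example that is not part of the original message: each public address is added as an alias on the Internet-facing interface so the kernel answers the ARP who-has for it, and each internal host gets its own SNAT rule. The function only prints the commands for review. Assumptions not taken from the thread: the interface name eth0, the /32 prefix length, the POSTROUTING chain and the -o match.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for a 1:1 static NAT.
# Assumed, not from the thread: eth0, /32 aliases, POSTROUTING chain, -o match.

# static_nat_cmds EXT_IF INT_PREFIX PUB_PREFIX FIRST LAST
# For each host number N in FIRST..LAST, emits:
#   1. an alias for PUB_PREFIX.N on EXT_IF, so the box replies to ARP for it
#   2. an SNAT rule pinning INT_PREFIX.N to PUB_PREFIX.N
static_nat_cmds() {
    ext_if=$1 int_prefix=$2 pub_prefix=$3 n=$4 last=$5

    # Reject host ranges that are reversed or outside a usable last octet.
    if [ "$n" -lt 1 ] || [ "$last" -gt 254 ] || [ "$n" -gt "$last" ]; then
        echo "static_nat_cmds: bad host range $n-$last" >&2
        return 1
    fi

    while [ "$n" -le "$last" ]; do
        echo "ip addr add ${pub_prefix}.${n}/32 dev ${ext_if}"
        echo "iptables -t nat -A POSTROUTING -s ${int_prefix}.${n} -o ${ext_if} -j SNAT --to-source ${pub_prefix}.${n}"
        n=$((n + 1))
    done
}

# The address ranges used in the thread.
static_nat_cmds eth0 192.168.0 192.168.1 100 104
```

After the printed commands have been reviewed and run as root, `ip addr show dev eth0` should list the five aliases.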