is it possible to nat to the routed IP?
zhouzhenzj at gmail.com
Sat Dec 16 06:47:03 CET 2006
On 12/12/06, Rob Sterenborg <rob at sterenborg.info> wrote:
> On Tue, December 12, 2006 07:34, Zhen Zhou wrote:
> > Hi all,
> > one example network looks like:
> [ASCII image skipped)
> > So is it possible to nat from 210.153.22.y to 192.168.2.208?
> > If possible, how to do it
> The gateway must have a route for 192.168.2.x set to 192.168.5.202.
> The default gateway for the router must be 192.168.5.201.
> The default gateway for 192.168.2.208 must be 192.168.3.254.
> Packet arrives at 210.153.22.y.
> Packet is DNAT-ed to 192.168.2.208.
> Gateway sends packet to 192.168.5.202.
> Router at 192.168.5.202 routes packet to 192.168.2.208.
> Example, http:
> $ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> $ipt -A FORWARD -m state --state NEW -d 192.168.2.208 \
> -p tcp --dport 80 -j ACCEPT
> $ipt -t nat -A PREROUTING -d 210.153.22.y -p tcp --dport 80 \
> -j DNAT --to 192.168.2.208
Now another issue is pop up:
210.153.22.x is Internet gateway IP, 210.153.22.y is a public ip for
ofcs, from Internet traffic to 192.168.3.208, is go through 210.153.22.y.
But in the another hand all the traffic from 192.168.3.208 to outside,
it will go to 210.153.22.x, could it be a possible go via 210.153.22.y
under some protocols?
How to configure?
Any tips will be appreciated.
More information about the netfilter