[NTLUG:Discuss] static NAT?

Bob Byron bbyron at radit.com
Wed Feb 6 21:42:21 CST 2002 

That is exactly what I am looking for, but I have been trying to determine
what the "broadcast" is doing, and I am not sure what the "new broadcast"
should be.

Let's take as an example 
WAN IP: 216.224.237.34  (existing server)
WAN Virtual IP: 216.224.237.55  (virtual IP)
WAN subnetmask: 255.255.255.224
LAN 192.168.12.99 (non routable lan IP).
LAN subnetmask: 255.255.255.0

I want to route 216.224.237.55 directly to 192.168.12.99.
ifconfig ethX:1 216.224.237.55 netmask 255.255.255.0 broadcast 192.168.1.255
iptables -t nat -A PREROUTING -d 216.224.237.55

I also will want to block connections to that port except through
perhaps ports 80 and 21.

I am testing.  Thanks for the info.

Bob Byron

----- Original Message ----- 
From: "Paul Ingendorf" <pauldy at wantek.net>
To: <discuss at ntlug.org>
Sent: Wednesday, February 06, 2002 11:47 AM
Subject: Re: [NTLUG:Discuss] static NAT?


> 
> 1.)
> 
> ifconfig ethX:1 <ext ip> netmask <newnetmask> broadcast <new brodcast>
> 
> Where X is the number of the external interface.
> 
> 2.)
> 
> Then you should use something like so.
> iptables -t nat -A PREROUTING -d <ext ip> -j DNAT --to <int ip>
> 
> 
> 
> Quoting Bob Byron <bbyron at radit.com>:
> 
> > I have a linux server acting as a firewall with a private non-routable
> > 
> > network (lan) on one side and the internet (wan) on the other.  I have
> > 
> > a number of ip addresses and want to be able to take one machine on 
> > the lan and make it addressable from the outside.  I am using IP
> > tables
> > and the private network is being \"NAT\"ed.  So, I suspect I have to 
> > do two things.  
> > 
> > 1)  Tell my NIC card on the wan side to accept a second (virtual) 
> > IP address.
> > 
> > 2)  I need to have the firewall stiaticly translate the lan machine
> > using 
> > that address.  
> > 
> > Any ideas how to do that?
> > 
> > Thanks,
> > Bob Byron
> > 
> > 
> > 
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> > 
> 
> 
> 
> -- 
> -->> mailto:pauldy at wantek.net
> -->> http://www.wantek.net/
> Running ....... Cos anything else would be a waste...
> `:::\\\\\\\'                  .......  ......
>  :::  *                  `::.    ::\\\\\\\'
>  ::: .::  .:.::.  .:: .::  `::. :\\\\\\\'
>  :::  ::   ::  ::  ::  ::    :::.
>  ::: .::. .::  ::.  `::::. .:\\\\\\\'  ::.
> :::.....................::\\\\\\\'   .::::..
> 
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list