[NTLUG:Discuss] static NAT?

Bob Byron bbyron at radit.com
Wed Feb 6 22:28:34 CST 2002


Well, I was testing the configuration and when I connect to
216.224.237.55, I seem to get a connection to the server 
(216.224.237.34) and not to 192.168.12.99.

Oh, and in the last email where I mentioned the commands I executed, 
I meant to say I executed the commands:

ifconfig ethX:1 216.224.237.55 netmask 255.255.255.0 broadcast 192.168.12.255
iptables -t nat -A PREROUTING -d 216.224.237.55 -j DNAT --to 192.168.12.99

Bob Byron

----- Original Message ----- 
From: "Bob Byron" <bbyron at radit.com>
To: <discuss at ntlug.org>
Sent: Wednesday, February 06, 2002 9:42 PM
Subject: Re: [NTLUG:Discuss] static NAT?


> That is exactly what I am looking for, but I have been trying to determine
> what the "broadcast" is doing, and I am not sure what the "new broadcast"
> should be.
> 
> Let's take as an example 
> WAN IP: 216.224.237.34  (existing server)
> WAN Virtual IP: 216.224.237.55  (virtual IP)
> WAN subnetmask: 255.255.255.224
> LAN 192.168.12.99 (non routable lan IP).
> LAN subnetmask: 255.255.255.0
> 
> I want to route 216.224.237.55 directly to 192.168.12.99.
> ifconfig ethX:1 216.224.237.55 netmask 255.255.255.0 broadcast 192.168.1.255
> iptables -t nat -A PREROUTING -d 216.224.237.55
> 
> I also will want to block connections to that port except through
> perhaps ports 80 and 21.
> 
> I am testing.  Thanks for the info.
> 
> Bob Byron
> 
> ----- Original Message ----- 
> From: "Paul Ingendorf" <pauldy at wantek.net>
> To: <discuss at ntlug.org>
> Sent: Wednesday, February 06, 2002 11:47 AM
> Subject: Re: [NTLUG:Discuss] static NAT?
> 
> 
> > 
> > 1.)
> > 
> > ifconfig ethX:1 <ext ip> netmask <newnetmask> broadcast <new broadcast>
> > 
> > Where X is the number of the external interface.
> > 
> > 2.)
> > 
> > Then you should use something like so.
> > iptables -t nat -A PREROUTING -d <ext ip> -j DNAT --to <int ip>
> > 
> > 
> > 
> > Quoting Bob Byron <bbyron at radit.com>:
> > 
> > > I have a linux server acting as a firewall with a private non-routable
> > > network (lan) on one side and the internet (wan) on the other.  I have
> > > a number of ip addresses and want to be able to take one machine on 
> > > the lan and make it addressable from the outside.  I am using IP
> > > tables and the private network is being "NAT"ed.  So, I suspect I have to 
> > > do two things.  
> > > 
> > > 1)  Tell my NIC card on the wan side to accept a second (virtual) 
> > > IP address.
> > > 
> > > 2)  I need to have the firewall statically translate the lan machine
> > > using that address.  
> > > 
> > > Any ideas how to do that?
> > > 
> > > Thanks,
> > > Bob Byron
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > http://www.ntlug.org/mailman/listinfo/discuss
> > > 
> > 
> > 
> > 
> > -- 
> > -->> mailto:pauldy at wantek.net
> > -->> http://www.wantek.net/
> > Running ....... Cos anything else would be a waste...
> > `:::'                  .......  ......
> >  :::  *                  `::.    ::'
> >  ::: .::  .:.::.  .:: .::  `::. :'
> >  :::  ::   ::  ::  ::  ::    :::.
> >  ::: .::. .::  ::.  `::::. .:'  ::.
> > :::.....................::'   .::::..
> > 
> 
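
Added example, not part of any message in this thread: a shell sketch that derives the broadcast address for the alias from the WAN netmask given above (255.255.255.224) and prints the alias, DNAT and port-filter commands for the thread's addresses. The interface name eth0, the function names and the FORWARD rules for ports 80 and 21 are assumptions made for illustration; the script only prints commands and changes nothing.

```shell
#!/bin/sh
# Added example. Addresses are the ones quoted in the thread; "eth0" is an
# assumed name for the WAN interface (the thread only says ethX).

# broadcast_of IP NETMASK -> broadcast address of the subnet IP belongs to.
# Per octet: broadcast = ip OR (NOT mask). Runs in a subshell so IFS is local.
broadcast_of() (
    IFS=.
    set -- $1 $2    # 8 positional args: 4 octets of IP, then 4 of the mask
    echo "$(( $1 | (255 - $5) )).$(( $2 | (255 - $6) )).$(( $3 | (255 - $7) )).$(( $4 | (255 - $8) ))"
)

# static_nat_rules WAN_IF EXT_IP WAN_NETMASK INT_IP PORT...
# Prints (does not run) the commands for a one-to-one inbound NAT that only
# lets new TCP connections reach the listed ports.
static_nat_rules() {
    wan_if=$1; ext_ip=$2; mask=$3; int_ip=$4
    shift 4

    # 1) Alias on the WAN interface, using the WAN netmask and its broadcast.
    echo "ifconfig $wan_if:1 $ext_ip netmask $mask broadcast $(broadcast_of "$ext_ip" "$mask")"

    # 2) Rewrite the destination of packets arriving for the alias.
    echo "iptables -t nat -A PREROUTING -d $ext_ip -j DNAT --to $int_ip"

    # 3) DNAT happens before the filter table sees the packet, so the port
    #    filter lives in FORWARD and matches the LAN address, not the alias.
    #    iptables matches the physical interface (eth0), never "eth0:1".
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "iptables -A FORWARD -i $wan_if -d $int_ip -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "iptables -A FORWARD -i $wan_if -d $int_ip -j DROP"
}

# Values from the thread: alias .55 on a /27, LAN host 192.168.12.99.
static_nat_rules eth0 216.224.237.55 255.255.255.224 192.168.12.99 80 21
```

FTP on port 21 only covers the control channel; data connections are accepted through the RELATED state, which needs the kernel's FTP connection-tracking and NAT helper modules loaded.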





