* ip aliasing
@ 2005-06-19 0:08 John Black
From: John Black @ 2005-06-19 0:08 UTC (permalink / raw)
To: netfilter
i'm trying to set up my firewall to do ip aliasing. i have two private ip
addresses that i would like aliased.
if i run the command:
ifconfig eth0:0 10.10.10.11 (public address) netmask 255.255.255.0
then in my firewall script i have:
iptables -t nat -A PREROUTING -d 192.168.180.181 -i eth0 \
-j DNAT --to-destination 10.10.10.11
is this right? since eth0 is the address connecting the firewall to the
internet?
thanks
john
* Re: ip aliasing (nfcan: addressed to exclusive sender for this address)
From: Jim Laurino @ 2005-06-19 0:40 UTC (permalink / raw)
To: netfilter
On 2005.06.18 20:08, John Black - black@arbbs.net wrote:
> i'm trying to set up my firewall to do ip aliasing. i have two private ip
> addresses that i would like aliased.
I am not sure I understand what you mean by 'ip aliasing'.
DNAT can translate incoming destination addresses to new
destination addresses. This is usually done to allow
outside access to individual ports on hosts on your
private network.
If you wish to allow two hosts on the private network
to share one public ip address, then you probably want to use
masquerade (if the public ip address is assigned dynamically)
or SNAT (if the public ip address is static).
Source NAT can convert the source address of outgoing
packets from the private addresses of a group of hosts
on the private network into your shared, public ip address.
SNAT will also take care of the reverse translation
of destination addresses in reply packets from the outside.
>
> if i run the command:
> ifconfig eth0:0 10.10.10.11 (public address) netmask 255.255.255.0
>
> then in my firewall script i have:
> iptables -t nat -A PREROUTING -d 192.168.180.181 -i eth0 \
> -j DNAT --to-destination 10.10.10.11
>
> is this right? since eth0 is the address connecting the firewall to the
> internet?
I think you have the two ip address fields backwards.
try -d 10.10.10.11
- This is the destination address as it arrives at the firewall.
try -j DNAT --to-destination 192.168.180.181
- This is the private destination address
that the incoming public address should be translated to.
Also, you may need other rules to forward the packet
after the destination address has been translated.
--
Jim Laurino
nfcan.x.jimlaur@dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
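
The corrected DNAT rule from the reply above, together with the forwarding rules it says may be needed, as an added example that is not part of either message. The internal interface name (eth1), the optional protocol/port restriction and the helper names are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example. Addresses are the ones used in the thread; eth1 as the
# internal interface and the optional protocol/port are assumptions.
# Prerequisites: the alias address is configured on the external interface
# and net.ipv4.ip_forward is 1.

# Print the command by default; run it for real only when DRY_RUN=0.
ipt() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dnat_alias PUBLIC PRIVATE EXT_IF INT_IF [PROTO PORT]
dnat_alias() {
    pub=$1 priv=$2 ext=$3 int=$4 match=""
    valid_ipv4 "$pub" && valid_ipv4 "$priv" || { echo "bad address" >&2; return 1; }
    # Optional: expose a single service instead of the whole host.
    if [ -n "${5:-}" ]; then match="-p $5 --dport $6"; fi
    # -d is the address as the packet arrives (public); DNAT rewrites it to private.
    ipt -t nat -A PREROUTING -i "$ext" -d "$pub" $match \
        -j DNAT --to-destination "$priv"
    # After DNAT the packet is routed, so FORWARD sees the private destination.
    ipt -A FORWARD -i "$ext" -o "$int" -d "$priv" $match \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    # Replies from the private host; conntrack restores the public source address.
    ipt -A FORWARD -i "$int" -o "$ext" -s "$priv" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

dnat_alias 10.10.10.11 192.168.180.181 eth0 eth1
```

Review the printed rules first, then run with DRY_RUN=0 as root to apply them.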