From mboxrd@z Thu Jan 1 00:00:00 1970
From: Daniel Frederiksen
Date: Tue, 25 Oct 2005 12:58:04 +0000
Subject: Re: [LARTC] Ip Src rewite.
Message-Id: <435E2BDC.1080507@cyberdoc.dk>
List-Id:
References: <435E26E3.2080204@cyberdoc.dk>
In-Reply-To: <435E26E3.2080204@cyberdoc.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Oscar Mechanic wrote:
> Maybe I have missed something and you need to do it in POSTROUTING but
> how about SNAT.
>
Well currently I do not NAT at all. I have ip_forwarding enabled and have
assigned the first IP from the external block on the inside of the
Gateway/Firewall. On the outside of the Gateway/Firewall I have assigned
the WAN IP. This way when a system on the DMZ establishes a connection it
is forwarded through the Gateway.

Any suggestions to changes are appreciated.

/Daniel..

> PS: ip can do stateless nat.
>
> On Tue, 2005-10-25 at 14:36 +0200, Daniel Frederiksen wrote:
>
>>Hello folks..
>>
>>Does any of you know if it is possible to rewrite the ip src in a packet.
>>I have a problem involving a DMZ with external IP addresses routed
>>through a single WAN IP. When the server initiates a connection, it looks
>>like it comes from the WAN ip instead of its designated External IP
>>routed through the WAN.
>>So in short, Is it possible to rewrite the packet in the router, with
>>Iptables, to make it look like it comes from the external IP address
>>instead of the WAN IP of the router/firewall.
>>
>>Thank you very much for your time, I appreciate it.
>>
>>/Daniel Frederiksen
>>
>>
>>NB: Small diagram of the setup.
>>
>>    DMZ                 GW/FW                   ISP/Internet
>>-----------------------------------------------------------------------
>>  Server #1 --|
>>  e.f.g.h3/26 |
>>              |---- Gateway/Firewall --- ISP    WAN IP:  a.b.c.d/30
>>  Server #2 --|       a.b.c.d1/30               Ext. IP: e.f.g.h/26
>>  e.f.g.h4/26         e.f.g.h1/26
>>----------------------------------------------------------------------
>>
>>_______________________________________________
>>LARTC mailing list
>>LARTC@mailman.ds9a.nl
>>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc