From mboxrd@z Thu Jan  1 00:00:00 1970
From: David A. Bandel david@pananix.com
Date: Wed, 03 Jan 2001 12:37:31 +0000
Subject: [LARTC] routing
Message-Id: <marc-lartc-98373940416817@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-98373940416816@msgid-missing>
In-Reply-To: <marc-lartc-98373940416816@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

<PRE>Spyros Dimas wrote:
&gt;<i> 
</I>&gt;<i> Hello and Happy New Year!
</I>&gt;<i> We have a LAN with 2 interfaces. One is configured with addresses
</I>&gt;<i> 192.168.0.x (pseudo-addresses) and other one with real addresses, so we
</I>&gt;<i> use ip-masquerade. But we would like one of workstation witch has a
</I>&gt;<i> address 192.168.0.5 to have a real address, such us 194.219.85.4, on the
</I>&gt;<i> 
</I>&gt;<i> first interface or on the second. Could you tell us how we can do it. Or
</I>&gt;<i> if you have
</I>&gt;<i> another idea. Thanks.
</I>
This is really an issue for your firewall/masquerade software.  If you
are masquerading using Linux and either ipchains (2.2.x) or iptables
(2.4.x) it's easy.

In either case, your firewall/masquerade server needs to have
194.219.85.4 aliased on the external interface, then:

2.2.x:
get ipmasqadm and set up a portforward from the masq server to the
workstation. Assuming you want to forward only port 80, the following
will work: 
ipmasqadm portfw -a -P tcp -L 194.219.85.4 80 -R 192.168.0.5 80

better:
2.4.x:
use iptables and runthe following:
iptables -t nat -A PREROUTING -d 194.219.85.4 -p tcp --dport 80 -j DNAT
--to-destination 192.168.0.5:80

With iptables you can easily omit the port stuff so everything passes
(just like the workstation is on the Internet) or qualify your matches
with -m multiport and select several individual ports or a range (or
ranges) of ports.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
		-- Nemesis Racing Team motto
*** sent via a Linux 2.4.0-test12 system ***


</PRE>