From: Ben <bench@silentmedia.com>
To: lartc@vger.kernel.org
Subject: [LARTC] masq + nat + port forwarding: can it be done?
Date: Sun, 20 May 2001 00:01:41 +0000
Message-ID: <marc-lartc-99031694505944@msgid-missing>
In-Reply-To: <marc-lartc-99032035310133@msgid-missing>

We're having problems getting our 2.4 kernel to do exactly what we need
it to for our network. In short, we aren't able to do port forwarding for
a masqueraded machine, nor for a NAT'd machine.

The topology goes like:

cable -- (eth2)
           |
         router - (eth1)
           |         |
dsl ---- (eth0)      +-- client1 (10.0.0.1)
                     +-- client2 (10.0.0.2)
                     +-- server1 (10.0.0.3)
                     +-- server2 (10.0.0.4)

The router's interfaces are:

eth0    1.1.1.1
eth0:1  1.1.1.2
eth1    10.0.0.254
eth2    2.2.2.2

server1 (10.0.0.3) is set up for 1:1 NAT with eth0:1... all incoming
packets to 1.1.1.2 go to server1, and all packets from server1 get
translated to come from 1.1.1.2.

client1 and client2 are masqueraded through eth0, unless they
attempt to initiate an ftp or nntp connection, in which case they are
masq'd through eth2.

server2 is always masq'd through eth2.

What we'd *like* to do is the following:

1) If ftp connections come in on eth2, we'd like to forward those requests
on to server2, and have replies go back out the same interface. It's not
clear to me if it's even possible to set up port forwarding for an
interface that's doing masquerading, much less what the iptables syntax is.

2) If ssh connections come in on eth0:1, we'd like to forward those
requests on to client2 (instead of server1), and also have client2's
replies leave through eth0:1... but ONLY if we're talking about ssh
packets. Basically, this is 1:1 NAT for eth0:1 and server1, except for
ssh, where we'll want to do 1:1 NAT with a different internal IP. The
problem I'm having with this is how to specify the reverse route? client2
should be masq'd by eth0, unless it's responding to ssh packets coming
from eth0:1.

Help?

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
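
The layout described in the message above, written out as iptables NAT rules. This is an added example, not part of the original mail or any reply to it; it uses the addresses and interfaces from the mail and assumes the existing policy routing (server2 always out eth2, client2 out eth0 except for ftp/nntp) stays as described. The function only prints the commands so that rule order can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example (not from the original mail): prints, does not apply,
# NAT rules for the topology in the message. Addresses come from the mail.
PUB_NAT=1.1.1.2    # eth0:1, the 1:1 NAT address
SERVER1=10.0.0.3
CLIENT2=10.0.0.2
SERVER2=10.0.0.4

# Why no "reverse" rule is needed: the nat table is consulted only for the
# first packet of a connection. Conntrack then reverses the DNAT on every
# reply, so client2's ssh replies leave with source 1.1.1.2 and the
# MASQUERADE rule on eth0 never sees them. Connections that client2 itself
# initiates are new connections and are still masqueraded.
emit_nat_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -d $PUB_NAT -p tcp --dport 22 -j DNAT --to-destination $CLIENT2
iptables -t nat -A PREROUTING -d $PUB_NAT -j DNAT --to-destination $SERVER1
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 21 -j DNAT --to-destination $SERVER2
iptables -t nat -A POSTROUTING -s $SERVER1 -o eth0 -j SNAT --to-source $PUB_NAT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
EOF
}
# Order matters within a chain: the ssh exception must precede the
# catch-all DNAT for 1.1.1.2, and server1's SNAT must precede the eth0
# MASQUERADE, because the first matching NAT rule wins.
# FTP data connections additionally need the conntrack FTP helper loaded
# (ip_conntrack_ftp and ip_nat_ftp on a 2.4 kernel).
```

To review the rules, run `emit_nat_rules`; to apply them as root, pipe the output to `sh`. The filter table's FORWARD chain must separately permit the forwarded ssh and ftp traffic.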