From: Terry Mackintosh <terry@mackintoshweb.com>
To: netfilter@lists.netfilter.org
Subject: SNAT: in on the outside if (eth1), then out to a remote IP
Date: Wed, 16 Apr 2003 16:03:13 -0400
Message-ID: <3E9DB701.1020108@mackintoshweb.com>

Hi

First I hope I can post here without joining the list, on enough already.
Please reply directly.

I'm not sure how to quickly state the question, so here is a long
description (sorry):

A machine acting as a firewall/router for a private LAN (eth0,
192.168.0.254/24) with a non-routable IP on eth1 connecting to my ISP.
Also on eth1:0 thru eth1:8 are real IPs, which will soon be for another
box, but for the moment that box is elsewhere with other unrelated real IPs.

From the perspective of the inside private LAN I used a DNAT rule to
send all traffic from eth0 to eth1:x to the appropriate IP on the remote
box. That worked and was easy.

Next I wanted to make it so that if someone from outside tries to access
any of the IPs on the firewall's eth1:x interfaces, they will be
seamlessly NATed to the real server at the other remote real IP addresses.
I understood that at this point the packets would already go to the real
server, but that server would try to directly reply to the original
client, which would not recognize it and refuse the connection.
So, an SNAT rule is needed so the remote server will reply instead to
the firewall, which will in turn de-NAT it and send it back to the
original client.

OK, I've tried every variation of an SNAT rule that seemed to make any
sense to me and none work.
I've read several docs/tutorials and none mention this scenario.

Does anyone have any idea how to structure such an SNAT rule?

Thank you
Terry Mackintosh <terry@mackintoshweb.com>