Firewall Wizards mailing list archives
NAT
From: "Alexandre A. Rodioukov" <simuran () home com>
Date: 07 Mar 2000 09:28:34 -0700
Hi Friends.

My knowledge of NAT is not deep enough, therefore I'm asking for your help. Our ISP refused to provide us with a private routable subnet, giving us only the plain range of IP addresses. It sucks since we need to plug our DSL modem into the hub and leave the whole network without any protection <big grin>. One of the solutions was to put a hardware firewall in between the network and DSL modem, but for some reasons we can't do that.

The solution that I was thinking of is to set up all the IPs given to us as aliases on the external interface of our router (Linux or *BSD box) and set up NAT in the following manner (all the workstations in the local network are getting local non-routable addresses):

For each outgoing packet, the source address (local) is replaced by one of the aliases mapped to this address.

For each incoming packet, each destination address (external alias) is mapped to a local address.

So it looks like fancy masquerading, even though instead of ports we are playing with aliases on the external interface of the router. I was hitting my head against the wall trying to come up with NAT rules for such a scheme, but I failed. I need your help guys.

Thanks in advance.

With kind regards,
Alexandre.
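
The one-to-one mapping described in the message above, sketched as an added example that is not part of the original post. It assumes a present-day Linux router with iproute2 and iptables; the interface names `eth0`/`eth1`, the helper names, and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) commands for one-to-one static NAT.
# Assumptions: eth0 faces the DSL modem, eth1 the LAN; Linux with iproute2
# and iptables. All addresses are constructed documentation samples.
EXT_IF=eth0
INT_IF=eth1

# Constructed mapping table: "<public alias> <private host>" per line.
SAMPLE_MAP='
# public       private
203.0.113.10   192.168.1.10
203.0.113.11   192.168.1.11
'

is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

gen_static_nat() {
    # Reads the mapping on stdin, writes the commands on stdout.
    seen=' '
    while read -r pub priv rest; do
        case "$pub" in ''|'#'*) continue ;; esac
        if ! is_ipv4 "$pub" || ! is_ipv4 "$priv" || [ -n "$rest" ]; then
            echo "bad mapping line: $pub $priv $rest" >&2; return 1
        fi
        # One-to-one means no address may appear in two mappings.
        case "$seen" in *" $pub "*|*" $priv "*)
            echo "duplicate address: $pub $priv" >&2; return 1 ;;
        esac
        seen="$seen$pub $priv "
        echo "ip addr add $pub/32 dev $EXT_IF"   # alias so the router answers ARP
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -j DNAT --to-destination $priv"
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $priv -j SNAT --to-source $pub"
    done
    # NAT is not a filter: default-deny forwarding, allow LAN-initiated flows.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -j ACCEPT"
}

printf '%s\n' "$SAMPLE_MAP" | gen_static_nat
```

With these filter rules, unsolicited inbound connections to the mapped hosts are dropped; a host that must offer a service needs its own explicit `FORWARD` accept for that port.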