Firewall Wizards mailing list archives
Re: NAT
From: "Paul D. Robertson" <proberts () clark net>
Date: Wed, 26 Apr 2000 17:10:16 -0400 (EDT)
On 24 Mar 2000, Alexandre A. Rodioukov wrote:
I think the thing I'm looking for is static NAT. Unfortunately my first attempts to make NAT work were done on a Linux system (it seems to me that the level of support of NAT in Linux is not that great). What I wanted to do is for outsiders to be able to access some machines/services inside the network via real-IPs (machines by themselves are assigned fake addresses). Also it would be kinda great if some outgoing connections from internal net would be seen as they are from mapped to the originator address real IPs. (hope that makes sense). Small diagram:
I'm sure this is doable with Linux with some masquerading for the internal to external connections and Masquerading or redirection for the external to internal ones. You could also proxy the connections and/or use a transport layer tunnel like plug-gw and udprelay.

The IP Chains HOWTO covers redirection and masquerading, IP aliasing on the external interface would allow you to do this with multiple addresses. As well as reading the IPChains HOWTO, you might want to look at:

http://linas.org/linux/load.html

It's also trivially doable with IPFilter running under one of the BSDs, which tends to be my recommendation these days (I chose NetBSD/IPfilter last time I had to do one of these, Free- or Open- would work equally well.)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net  which may have no basis whatsoever in fact."
PSB#9280
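
The IPFilter approach mentioned in the reply above, sketched as an added example (not configuration from the original post or its author): static one-to-one mappings for the published hosts, a shared address for everything else, and filter rules that limit what the static mappings expose. The interface name fxp0, the 192.0.2.0/24 "real" block, the 10.1.1.0/24 internal block and the choice of services are all constructed assumptions.

```conf
# ---- /etc/ipnat.conf (NAT rules) ------------------------------------
# Constructed addressing: 192.0.2.0/24 stands in for the real (public)
# block, 10.1.1.0/24 for the internal "fake" addresses, fxp0 for the
# external interface.

# Static, bidirectional NAT. Outsiders reach 10.1.1.10 as 192.0.2.10,
# and connections that 10.1.1.10 opens leave with 192.0.2.10 as source.
bimap fxp0 10.1.1.10/32 -> 192.0.2.10/32
bimap fxp0 10.1.1.11/32 -> 192.0.2.11/32

# Everything else on the internal net shares one address (the
# equivalent of masquerading). The portmap rule covers TCP and UDP,
# the plain map rule covers the remaining protocols such as ICMP.
map fxp0 10.1.1.0/24 -> 192.0.2.1/32 portmap tcp/udp 40000:60000
map fxp0 10.1.1.0/24 -> 192.0.2.1/32

# ---- /etc/ipf.conf (filter rules) -----------------------------------
# A bimap translates the whole address, every port included, so the
# filter has to say which services are really published. Inbound
# packets are translated before they are filtered, which is why these
# rules name the internal addresses.
block in on fxp0 all

# Web server on the first mapped host, mail on the second.
pass in quick on fxp0 proto tcp from any to 10.1.1.10/32 port = 80 flags S keep state
pass in quick on fxp0 proto tcp from any to 10.1.1.11/32 port = 25 flags S keep state

# Outbound traffic is filtered before it is translated, so the source
# here is still the internal address; keep state admits the replies.
pass out quick on fxp0 proto tcp from 10.1.1.0/24 to any flags S keep state
pass out quick on fxp0 proto udp from 10.1.1.0/24 to any keep state
pass out quick on fxp0 proto icmp from 10.1.1.0/24 to any keep state
```

The real addresses still have to be routed to, or aliased on, the external interface so that the gateway receives traffic for them.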