PB with NAT on 2.2.4

Sylvain FAVRE (sfavre@bil.fr)
Wed, 21 Apr 1999 12:38:58 +0200


I have set up a firewall with 4 interfaces.

+--------------+
|  Linux box   | ----------> internet
|              | ----------> DMZ
|              | ----------> intern1
|              | ----------> intern2
+--------------+

I use kernel 2.2.4 with the fast NAT option, and the iproute2 package.
I want to translate two computers from the DMZ to the internet.

case 1 :
ip rule add from XX.XX.XX.XX nat YY.YY.YY.YY table main
ip route add nat YY.YY.YY.YY via XX.XX.XX.XX table local
where XX.XX.XX.XX = valid address and YY.YY.YY.YY = real address

In this case, translation works on all interfaces -> problem in the
internal networks.

case 2 :
ip rule add dev eth0 from XX.XX.XX.XX nat YY.YY.YY.YY table main
ip route add nat YY.YY.YY.YY via XX.XX.XX.XX table local

In this case, packets coming from the internet are translated, but answer
packets are not translated. But internal networks work fine ;-)

If you have any idea, can you help me?

------------------------------------------
Sylvain FAVRE
sfavre@bil.fr
sfavre@club-internet.fr