Problems with NAT

Alejandro Daniel Popovsky (apopov@mail.palermo.edu.ar)
Tue, 22 Jun 1999 18:33:50 -0300


I am setting up a firewall that hides two servers in a private network
using address translation as in the following graph.

  200.2.229.0/24        |-----|   10.1.0.0/16         |---|
                    eth0|     |eth1             |-----|   | server 1
  ----------------------|dogo |-----------------|     |   | 10.1.0.4
                        |     | 10.1.0.3        |     |---|
          200.2.229.3   -------                 |
          200.2.229.4 (alias)                   |
          200.2.229.5 (alias)                   |     |---|
                                                |-----|   | server 2
                                                      |   | 10.1.0.5
                                                      |---|

The configuration in dogo is:

ip rule add from 10.1.0.4 nat 200.2.229.4 table main
ip route del 200.2.229.4 table local
ip route add nat 200.2.229.4 via 10.1.0.4 table local

ip rule add from 10.1.0.5 nat 200.2.229.5 table main
ip route del 200.2.229.5 table local
ip route add nat 200.2.229.5 via 10.1.0.5 table local

After configuring this, all the machines in the network 200.2.229.0 can
reach the hidden servers, but dogo itself can't (?). I get the following
message:
dogo% ping 200.2.229.5
ping: sendto: Invalid Argument

No filters have been set using ipchains yet.

I would greatly appreciate any help with this.

Alejandro Popovsky.