On Thursday 13 October 2005 7:04 pm, Rodolfo Alcazar wrote: > On Thu, 2005-10-13 at 17:55 +0100, Gary Stainburn wrote: > > Hi folks. > > probably a FAQ but I'm struggling. > > I have an internet connection linked to eth1 and a LAN connected to > > eth0 I want to set up simple 1-to-1 NATing thus: > > > > x.y.z.141 == 10.1.1.141 > > x.y.z.142 == 10.1.1.142 > > x.y.z.143 == 10.1.1.143 > > first of all, setup the interfaces. if your external interface is > eth1, as you said, using your numbers: > > ifconfig eth1:1 x.y.z.141 netmask 255.255.255.248 > ifconfig eth1:2 x.y.z.142 netmask 255.255.255.248 > ifconfig eth1:3 x.y.z.143 netmask 255.255.255.248 > > now, the incoming tables: > > -A PREROUTING -d x.y.z.141 -j DNAT --to-destination 10.1.1.141 > -A PREROUTING -d x.y.z.142 -j DNAT --to-destination 10.1.1.142 > -A PREROUTING -d x.y.z.143 -j DNAT --to-destination 10.1.1.143 > > same for outgoing, > > -A POSTROUTING -s 10.1.1.141 -j SNAT --to-source x.y.z.141 > -A POSTROUTING -s 10.1.1.142 -j SNAT --to-source x.y.z.142 > -A POSTROUTING -s 10.1.1.143 -j SNAT --to-source x.y.z.143 > > cheers Thanks for that. Worked fine once I'd found the other problem I had which was that I was using a linux box to emulate the box that's going to be on the .141 address, and I did that by adding eth0:1 on that box The problem was of course that the ip address the packets were coming from where the eth0 address which failed the rules. Now everything's tidy, it works for both incoming and outgoing connections. Cheers Gary -- Gary Stainburn This email does not contain private or confidential material as it may be snooped on by interested government parties for unknown and undisclosed purposes - Regulation of Investigatory Powers Act, 2000