ipchains & masquerading & NAT

Paul Donahue donahu16@msu.edu
Thu, 9 Nov 2000 00:29:38 -0500


okay,

so I've had masquerading and all that cool stuff set up for a couple of years
now and it's really great. However I am no longer satisfied by this. I have
been slowly learning that ipchains is really cool and can do a lot.

I currently have this:

eth0: 192.168.1.1
eth1: <my real world ip>

Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------  anywhere             localhost.localdomain  any ->   1234
DENY       tcp  ------  anywhere             anywhere              any ->   1234
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24       anywhere              n/a
Chain output (policy ACCEPT):

this basically limits port 1234 to localhost connection only (don't ask) :)
and allows masquerading for everything on my internal network...

This is what I WANT TO DO:
eth0: 192.168.1.1
eth1: <my current real world ip>
eth1:0: <another real world ip>

getting the other ip on eth1:0 is trivial and I have already done that. Now
the hard part.
I want EVERYTHING (icmp too if possible, definitely tcp and udp) that comes
in destined for "<another real world ip>" to be redirected to say
192.168.1.254. This redirect must be transparent at the network layer as I
wish to have external computers to be able to connect to the internal one
via this "<another real world ip>"

I've spent the past couple of hours mulling over this and have not made much
progress. Have any of you out there been able to do this successfully??

Any help that is offered is much appreciated,

Paul Donahue
Computer Science Senior
Computer/Network Technician
Michigan State University
http://www.pdonahue.com/
ICQ: 1624723   Phone: 517-204-6047