Hi-
I've had no luck trying to compile the dynamic code that came with the *current*.tar distribution. I grabbed the latest *static* distribution, patched my 2.0.33 kernel, rebuilt my kernel, and compiled ipnatadm after putting in the fix as mentioned on the list. Using the static distribution, I can't seem to do the following:
ipnatadm -O -i -V 209.x.x.80 -S 10.1.1.0/24 -D 0.0.0.0/0 \
-M 204.x.x.254 -N 0.0.0./0 -b -v
That is, the rule gets built (see it in /proc/net/ip_nat), but it does not seem to work. I have a number of machines on the 10.1.1.0 net, but only 1 machine will NAT. I also have all the Linux firewall modules compiled/installed. What I'm trying to accomplish is:
                 ____
209.x.x.80=eth0=|    |=eth1=10.1.1.1
                 ----     |
                          |
                          |=10.1.1.76
                          |=10.1.1.n
All 10 machines look like 209.x.x.80 outbound. I want to allow inbound traffic w/ssh to specific machines, e.g. I did an
arp -s 209.x.x.76 eth0 pub
and added a route on the firewall
route add 209.x.x.76 gw 10.1.1.76 metric 1
I want a rule that says
-I -i -V 209.x.x.80 -S 0.0.0.0/0 -D 209.x.x.76/32 \
-M 10.1.1.254 -N 10.1.1.0/24
so that an external host can connect to the inside machine directly (using ssh actually).

Am I just really missing something here? I'm sorry to say I think I understand the mechanism of all this but am not sure from the documentation what is/is not supported. Sorry if it is explained and I just missed it. Any help greatly appreciated.

-todd (todd@nda.com)