Re: [Fwbuilder-discussion] Dual-homed NAT question
From: Niumar A. K. <ni...@so...> - 2012-05-18 03:13:48
Hi,

You can try to take a look at this:

http://sourceforge.net/projects/redlink/

It is a simple shell script that implements what you want! I've been using it a lot.

Regards,

--
Engº Niumar André Klein
Network/server analyst
SOLIS - Cooperativa de Soluções Livres
www.solis.coop.br

On 17-05-2012 17:03, Whit Blauvelt wrote:
> Hi,
>
> I'm puzzling through how to get NAT to work in a context where the firewall
> is dual-homed; it has two separate blocks of public IPs. I want to take one
> IP from each block and NAT it to a single internal server. Works fine for
> one external IP using plain DNAT and SNAT rules for in and out on a port.
> The problem is when a second public IP is added, to have the return traffic
> on that go back out the same line, rather than SNAT out on the first IP.
>
> For SSH, for instance, I've thought to translate the port on the way in to
> other than 22 (with sshd listening on both ports), and then to use negation
> on that port in the SNAT rule first IP to ignore traffic from the new port
> on the way back out. That step looks good. But the hitch is how to translate
> the port back on the way out. Since I'm using iptables I get:
>
> error: Can not use outbound interface specification with rules that translate
> destination because iptables does not allow "-o" in PREROUTING chain
>
> Is there an alternative way to get the same effect? I need to use standard
> ports on the external side, so the port translation is necessary as compared
> to just using a second port straight through. Or is there a different way to
> ensure the outward traffic goes via the right external IP, without using the
> port as the differentiator?
>
> Thanks,
> Whit
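One common way to keep replies on the uplink they arrived on without using the port as the differentiator is connection marks plus policy routing. The script below is an added example, not part of the thread and not a description of how redlink works. It only prints the commands for review, and every address, interface name, mark and table number in it is constructed.

```shell
#!/bin/sh
# Dry run: prints the commands for review instead of executing them.
# All addresses, interface names, marks and table numbers are constructed.
SERVER=192.168.1.10   # internal server (assumed)
PORT=22               # standard port kept on both public IPs
LAN_IF=eth2           # interface facing the server (assumed)

# Rules for one uplink: args = WAN interface, public IP, gateway, mark, table.
uplink_rules() {
    wan_if=$1; pub_ip=$2; gw=$3; mark=$4; table=$5
    # DNAT the public IP to the server; conntrack rewrites the reply source
    # back to $pub_ip by itself, so no per-uplink SNAT rule is needed here.
    echo "iptables -t nat -A PREROUTING -i $wan_if -d $pub_ip -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT"
    # Remember on the connection which uplink the first packet arrived on.
    echo "iptables -t mangle -A PREROUTING -i $wan_if -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
    # Per-uplink routing table, selected by the packet mark.
    echo "ip route add default via $gw dev $wan_if table $table"
    echo "ip rule add fwmark $mark table $table"
}

# Copy the connection mark onto packets coming back from the server, before
# the routing decision, so the fwmark rule above picks the arrival uplink.
lan_restore_rule() {
    echo "iptables -t mangle -A PREROUTING -i $1 -m connmark ! --mark 0 -j CONNMARK --restore-mark"
}

uplink_rules eth0 198.51.100.10 198.51.100.1 1 101
uplink_rules eth1 203.0.113.10 203.0.113.1 2 102
lan_restore_rule "$LAN_IF"
# Strict reverse-path filtering (rp_filter=1) on the WAN interfaces can drop
# traffic arriving on the non-default uplink; check it when testing.
```

Because the mangle PREROUTING chain runs before the routing decision, no `-o` match is needed anywhere, which avoids the error quoted in the question.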