Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Unusual NAT question

Posted on 2004-08-22
Medium Priority
Last Modified: 2010-03-18
I have to configure a rather unusual network address translation scheme in a linux box;

These are the interfaces and information about them

eth0 - This interface has the IP address of with gateway
eth1 - This interface has the address of and is a NAT gateway itself which is connected to a single machine with IP
eth2 - This interface has the address of and connects to a private LAN

I wish to do the following operation with these three interfaces;

- [any] request from outside to eth0's local IP number must first be redirected to [that machine connected to eth1]
- The machine [] that gets redirected packets from must send them back**
!! But this is a different host, not the local IP number assigned eth0. This causes all the problem in this scheme now...

To simplify the issue I could explain the following;

Consider that there is machine with two ethernet ports:
- 1st Ethernet port has an address assigned as
- 2nd Ethernet port has an address assigned as

These two networks are not in the same subnet physically, they are separate networks:

In the subnet to which the 2nd ethernet port is connected, there is a host whose address is the same as, and this address of this host must not be changed. So there are two networks, and two different hosts on both with the same address.

What can I do to resolve the issue without changing the IP addresses. (Indeed if I change the addresses it would be very easy, but it will not be convenient for our current network. We are just trying to connect one network to the other through two hosts that have the same IP address.

Any urgent help would be greatly appreciated...
Question by:Xephyr
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 40

Accepted Solution

jlevie earned 2000 total points
ID: 11872466
I think what you need is a second NAT box on the network with a static translation for the "other" machine. That way the box will be sending data to a address, which doesn't result in a conflict with the outside IP of this router.

Author Comment

ID: 11876226
The exact configuration is as follows;

eth0 - I wish to use IP address as the own IP for the linux machine
eth1 - I wish to use IP address here which will send data to a different host but with the exact IP address I assigned to eth0

I tried this and it worked;

setting eth0 to and using IPTables -DNAT --to, redirecting requests from any host in eth0 to eth1

But I wish to use as my own IP address still and the system totally fails if I try to do as such. Perhaps there is a way to define that (loopback it becomes) has a default route to eth1 -->, not the machine's own loopback adapter.

I would wish to hear something soon... (Adding a second NAT box is impossible because we have no place to add another machine here, I tried to use a virtual machine, but since it has to use the routing table of again the main host, routing still fails)
LVL 40

Expert Comment

ID: 11877008
If you define a given IP to an interface on this router you can't then send packets to another machine with the same IP that's connected to a different interface. In routing terms an IP is required to be unique meaning that there can be one ond only given IP "in view" of a node. So as stated you can't do what you are trying. The "other copy" of that IP would have to be hidden from the view of this router by a NAT device.

Featured Post

AWS Certified Solutions Architect - Associate

This course has been developed to provide you with the requisite knowledge to not only pass the AWS CSA certification exam but also gain the hands-on experience required to become a qualified AWS Solutions architect working in a real-world environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question