Orky
asked on
1 - 1 Static NAT and Dynamic using IPTables
I've been trying to get this scenario to work on a WRT54G 2.2 with DD-WRT v23-Final. (This runs a cut-down version of Linux.)
I have 5 external IP addresses (111.111.111.111, 112 for example), and an internal network with private addresses (10.0.0.x).
I'd like to be able to do 1 - 1 NAT with four of the addresses, statically to internal hosts, with no port forwarding, so all traffic is forwarded straight through.
For example
111.111.111.112 -> 10.0.0.2
111.111.111.113 -> 10.0.0.3
I'd like the fifth address to be a 'catch-all' address and have any other internal addresses NAT'd to it. (I understand port forwarding would be needed here.)
For example
111.111.111.115 -> 10.0.0.10, 10.0.0.11, 10.0.0.12 etc
I think this is possible with IPTables, I'm just not sure of the chains/tables used within DD-WRT.
Can anyone suggest a solution?
I'd thought of not NATing the first 4 hosts, and giving the internal machines external addresses, although this is not ideal.
Thanks!
ASKER CERTIFIED SOLUTION
ASKER
Thanks, that seems to be right - even with the correct outside interfaces specified it won't work on my Linksys WRT54G. That's for another question though!
As far as the fifth is concerned, you can't forward the same port behind NAT to multiple IP addresses; that would mean converting direct packets to broadcasts and configuring the clients to listen accordingly (all starts getting very messy, complicated and not pretty).
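The layout described in the question, written out as iptables rules. This is an added example, not code from this thread or from DD-WRT, and the script only prints the rules for review. The WAN interface name `vlan1` is an assumption, and the extra public addresses are assumed to already be delivered to the router's WAN interface.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the question's layout.
WAN_IF=vlan1                 # assumption: WAN interface name, not given in the thread
LAN_NET=10.0.0.0/24          # the 10.0.0.x network from the question
CATCH_ALL=111.111.111.115    # fifth address, shared by all other hosts
# public=private pairs; only these two were spelled out in the question
MAPPINGS="111.111.111.112=10.0.0.2 111.111.111.113=10.0.0.3"

# Succeeds only for a dotted quad whose octets are all 0-255.
valid_ip() {
    case $1 in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

nat_rules() {
    for pair in $MAPPINGS; do
        pub=${pair%%=*}; priv=${pair#*=}
        if ! valid_ip "$pub" || ! valid_ip "$priv"; then
            echo "bad mapping: $pair" >&2
            return 1
        fi
        # -I puts these ahead of any rules the firmware already installed.
        # Inbound: every protocol and port sent to the public IP reaches the host.
        echo "iptables -t nat -I PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
        # Outbound: the host is always seen as its own public IP.
        echo "iptables -t nat -I POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
        # DNAT only rewrites; the filter table must still let the packets through.
        # This exposes the whole host, so add -p/--dport here to narrow it if wanted.
        echo "iptables -I FORWARD -i $WAN_IF -d $priv -j ACCEPT"
    done
    # Appended last: hosts without a static mapping share the fifth address.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $CATCH_ALL"
}

nat_rules
```

Because the catch-all rule is appended, it only translates traffic that no earlier POSTROUTING rule has already handled, which includes any masquerade rule the firmware installs itself.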