Hi Armin -
On Wed, 09 Mar 2005 16:45:34 +0200, Armin <(E-Mail Removed)> wrote:
>The problem is that the server where the app is running is
>also running iptables which should do the masquerading.
Other than this part, it's easy enough with a DNAT and SNAT pair. I
have a setup like this to connect to a device with a hard-coded IP
address which is on a different subnet from our LAN, and which cannot
have a gateway IP address specified.
I PREROUTING DNAT everything directed to a specific IP address which
is on my regular subnet to the address of the device. I POSTROUTING
SNAT everything to that destination to an IP address on the same
subnet as the device. Both of those IP addresses are aliases on the
same NIC as has the Linux system's main IP address. Besides only
needing one NIC, I can plug the device in anywhere on our LAN; it
doesn't have to be connected directly to the Linux system.
You could try the same thing running on the same system. I think you
would need three IP addresses, one for the clients to connect to (on
either subnet), one for the SNAT, and the one which the application
uses. They can all be aliases on one actual NIC. If the IP address that
the clients connect to is on the same subnet as the application, you
might not need three addresses, especially since this is limited to
two ports. If netfilter is smart enough and you code the rules
precisely enough, it might even be possible to do it all on one IP
address.
--
Ken
http://www.ke9nr.net/
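The DNAT/SNAT pair Ken describes, written out as an added example (this is not Ken's script and not from the thread). It assumes a single NIC named eth0 carrying two aliased addresses, a device on a second subnet with no gateway, and two forwarded TCP ports; every address and port below is a constructed placeholder from the RFC 5737 documentation ranges. The script prints the commands instead of running them so the rule set can be reviewed before it touches a live firewall.

```shell
#!/bin/sh
# Added example: one-NIC DNAT + SNAT pair for reaching a device on a
# different subnet. All values are constructed placeholders.
NIC="eth0"
LAN_ALIAS="192.0.2.50"         # address clients connect to (LAN subnet, alias on eth0)
DEV_SIDE_ALIAS="198.51.100.2"  # SNAT source on the device's subnet (alias on eth0)
DEVICE="198.51.100.10"         # the device's hard-coded address
PORTS="80,443"                 # the two TCP ports being forwarded

# Emit the commands in order. The SNAT is what makes the scheme work:
# the device has no gateway, so replies must go to an address on its
# own subnet, and conntrack maps them back to the original client.
nat_rules() {
    cat <<EOF
ip addr add ${LAN_ALIAS}/24 dev ${NIC}
ip addr add ${DEV_SIDE_ALIAS}/24 dev ${NIC}
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d ${LAN_ALIAS} -p tcp -m multiport --dports ${PORTS} -j DNAT --to-destination ${DEVICE}
iptables -t nat -A POSTROUTING -d ${DEVICE} -p tcp -m multiport --dports ${PORTS} -j SNAT --to-source ${DEV_SIDE_ALIAS}
iptables -A FORWARD -d ${DEVICE} -p tcp -m multiport --dports ${PORTS} -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s ${DEVICE} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Count how many emitted rules touch the NAT table; a quick sanity check
# that exactly the DNAT/SNAT pair is present and nothing else.
nat_rule_count() {
    nat_rules | grep -c -- '-t nat'
}

# Usage: review first, then pipe to a root shell when satisfied:
#   sh nat-pair.sh            (prints the rules)
#   sh nat-pair.sh | sudo sh  (applies them)
if [ -z "${NAT_PAIR_NO_MAIN:-}" ]; then
    nat_rules
fi
```

Restricting both NAT rules to the two ports, and keeping FORWARD to only those ports plus established replies, limits the exposure of the device to exactly the service the clients need; leaving the port match off would turn the alias into a general relay to the device.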