On Mon, 25 Nov 2002, Brian wrote:
> I have a registered subnet 1.2.3.0/29 and an internal subnet
> 192.168.1.0/29 The router has INT_OUTSIDE_IP=1.2.3.2
>
> I want to map .3,.4,.5, and .6 on 1.2.3.0 to 192.168.1.0,
> respectively.
>
> I think I just need to do something like
>
> iptables -A PREROUTING -t nat -p tcp -d $INT_OUTSIDE_IP --dport $PORT \
>   -j DNAT --to $SERVER_IP:$PORT
>
> for each IP and port. When I do this, do I need to assign each IP to
> a subinterface on $INT_OUTSIDE (eth0:1, etc) or does iptables
> automagically grab the IP for me? Also, is this the best way to do it
> or should I be going about it differently?

That's the simplest way of doing it. You don't have to bind the IP to the
Linux box if it's a subnet that's being routed through it already, but if
it isn't, you'll either have to set up arp for those addresses, or bind
them to the machine.

Note that if you don't bind them, and don't forward ICMP to an internal
host, pings to those addresses won't work. Seems obvious, but took me a
bit to figure out my first time. :)

--
Nate Carlson <natecars at real-time.com> | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500
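
The setup discussed in this thread, as an added example that is not part of the original messages: a shell function that prints, for review before anything is run, the address bindings, the per-address DNAT rules and the FORWARD rules that admit only the forwarded traffic. The interface name, the port list and the one-to-one mapping 1.2.3.N to 192.168.1.N are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for the 1:1 map.
# Assumptions, not from the thread: eth0 is the outside interface, host
# octets map one to one (1.2.3.N -> 192.168.1.N), and the port list below.
OUT_IF="eth0"
PUB_NET="1.2.3"
INT_NET="192.168.1"
PREFIX="29"
HOSTS="3 4 5 6"
PORTS="80 443"       # constructed sample ports
BIND_ADDRS="yes"     # "no" when the /29 is already routed to this box
FORWARD_ICMP="yes"   # "yes" so pings to the public IPs reach the inside host

gen_rules() {
    # Replies to forwarded connections must be allowed back out.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for n in $HOSTS; do
        pub="$PUB_NET.$n"
        srv="$INT_NET.$n"
        if [ "$BIND_ADDRS" = "yes" ]; then
            # Binding the address makes the router answer ARP for it.
            echo "ip addr add $pub/$PREFIX dev $OUT_IF"
        fi
        for port in $PORTS; do
            echo "iptables -t nat -A PREROUTING -i $OUT_IF -p tcp -d $pub --dport $port -j DNAT --to-destination $srv:$port"
            # DNAT only rewrites the destination; FORWARD still decides.
            echo "iptables -A FORWARD -i $OUT_IF -p tcp -d $srv --dport $port -j ACCEPT"
        done
        if [ "$FORWARD_ICMP" = "yes" ]; then
            echo "iptables -t nat -A PREROUTING -i $OUT_IF -p icmp -d $pub -j DNAT --to-destination $srv"
            echo "iptables -A FORWARD -i $OUT_IF -p icmp --icmp-type echo-request -d $srv -j ACCEPT"
        fi
    done
}

gen_rules
```

With `BIND_ADDRS="yes"` and `FORWARD_ICMP="no"`, pings to the public addresses are answered by the router itself rather than by the internal host.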