I think you will need to do the masquerading at the kernel level. Look at
the ipfw and ipfwadm programs. There is a web site that has an HTML-based
manual online for this at http://simba.xos.nl/linux/ipfwadm. This includes
> From: Shabbir Khan <shabbir @
> To: Firewalls @
> Cc: firewalls-digest @
> Subject: Re: Firewalls-Digest V6 #147
> Date: Tuesday, April 08, 1997 10:47 PM
> I am finding Firewall Digest to be a very valuable service.
> We are using an Intel box (running Craftworks Linux 2.x
> version) to serve as a firewall between our internal network
> and the ISP. I need your help as soon as possible to solve
> a simple problem. Can anyone help us pls? Here is the
> problem description:
> My Linux machine contains two interface cards. One
> provides the internet connection and the other connects
> to the internal network. The machine is running the
> SOCKS 4.2 server. The internal network is configured with
> the class C address 192.168.2.x. The external network
> interface is totally different (all four fields).
> I need to run a service on an internal machine
> (say 192.168.2.4) on a little used port (6780). I would
> like to open this port on the Linux server and direct
> all incoming requests on port 6780 to be directed to
> the internal machine (192.168.2.4).
> I know how to configure sockd.conf on the Linux box to
> open up this port (6780) to all the source addresses
> and use sockd.route to redirect the traffic to the
> internal net. However, since all the incoming requests
> will contain the internet address of the external
> interface card as the destination address, how do I tell
> the port 6780 traffic to go to 192.168.2.4? Is there
> any way to accomplish this?
> Thanks very much for your help.
> Shabbir Khan (shabbir @
> Skylight Software, Inc.
> Tel: 408-249-6396
> Fax: 408-249-6397