Great Circle Associates Firewalls
(June 1997)
 


Subject: Re: NAT on linux firewall?
From: Bernd Eckenfels <lists @ lina . inka . de>
Date: Wed, 4 Jun 1997 01:48:48 +0200
To: David Lang <dlang @ diginsite . com>, firewalls @ greatcircle . com
Cc: Bernd Eckenfels <lists @ lina . inka . de>
In-reply-to: <199706032327 . QAA07588 @ mail . diginsite . com>; from David Lang on Tue, Jun 03, 1997 at 03:28:13PM -0700
References: <199706032327 . QAA07588 @ mail . diginsite . com>

Hello,

> where can I get info on iproute? is that something new in the 2.1 kernels?

Yes, 2.1.x (x>15) ships with
linux/Documentation/networking/policy-routing.txt and routing.txt, which
describe the new features briefly. iproute can be obtained from any Debian
GNU/Linux mirror (ftp.debian.org:/debian/bo/source/net) as
iproute_961225-2.tar.gz. (Transproxy is there, too, in
transproxy_0.2.orig.tar.gz.)

I found another solution which does not need ipfwadm and plug-gw, but uses
transproxy instead:

arp -s 200.200.200.0 xx:xx:xx:xx:xx:xx netmask 255.255.255.0 pub
route add -net 200.200.200.0 netmask 255.255.255.0 dev lo
tproxyd -t -b 200.200.200.2 -s 80 -r nobody 100.100.100.2 80
...
tproxyd -t -b 200.200.200.254 -s 80 -r nobody 100.100.100.254 80

BTW: you don't need to use 200 different IP addresses for the WWW servers.
You can run multiple WWW-Servers on different Ports:
tproxyd -t -b 200.200.200.2 -s 80 -r nobody 100.100.100.2 80
...
tproxyd -t -b 200.200.200.254 -s 80 -r nobody 100.100.100.2 334

Greetings
Bernd

PS: with a patch to transproxy simple translation tables will allow you to
run only one tproxyd server instance.
-- 
  (OO)      -- Bernd_Eckenfels @ Wittumstrasse13 . 76646Bruchsal . de --
 ( .. )  ecki @ {inka . de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes @ irc  +4972573817  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy
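
The elided tproxyd lines in the message above can be generated from a small translation table. This is an added example, not part of the original post and not transproxy code; the table format and the function names gen_tproxyd and sample_table are assumptions, the middle sample row is constructed, and the tproxyd argument order is copied from the message. It only prints the commands, and it refuses a table that binds the same public address twice or names an invalid port.

```shell
#!/bin/sh
# Added example: expand "<public-ip> <internal-ip> <internal-port>" rows
# into tproxyd command lines shaped like the ones in the message.
# Nothing is executed; the commands are only printed for review.

gen_tproxyd() {
    # Reads the table on stdin. Prints one command per row, or prints
    # nothing and returns 1 (reason on stderr) if any row is rejected.
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        NF != 3 {
            printf "line %d: expected 3 fields\n", NR > "/dev/stderr"
            bad = 1; exit
        }
        $3 !~ /^[0-9]+$/ || $3 < 1 || $3 > 65535 {
            printf "line %d: bad port %s\n", NR, $3 > "/dev/stderr"
            bad = 1; exit
        }
        seen[$1]++ {                       # two daemons cannot share address:80
            printf "line %d: %s is already bound\n", NR, $1 > "/dev/stderr"
            bad = 1; exit
        }
        { out = out sprintf("tproxyd -t -b %s -s 80 -r nobody %s %s\n", $1, $2, $3) }
        END { if (bad) exit 1; printf "%s", out }
    '
}

sample_table() {
    # First and last rows are the pair from the message; the middle row
    # is constructed for this example.
    cat <<'EOF'
# public address   internal host   internal port
200.200.200.2      100.100.100.2   80
200.200.200.3      100.100.100.2   81
200.200.200.254    100.100.100.2   334
EOF
}

sample_table | gen_tproxyd
```
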
