| View previous topic :: View next topic |
| Author |
Message |
dirtystyle
n00b
Joined: 14 Sep 2005
Posts: 7
|
 Posted: Wed Sep 14, 2005 7:50 pm Post subject: 1 to 1 NAT with single ethernet card? |
 |
|
Not sure if this is even possible. What I'd like to do:
External IP (eth0): 192.168.0.2
Internal IP (alias eth0:1): 192.168.0.3
Target IP: 192.168.0.4 (some windows box)
Any traffic going to 192.168.0.3 would forward to 0.4 using NAT.
Problem is I have one nic card in the box. Any ideas? |
|
| Back to top |
|
 |
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Wed Sep 14, 2005 8:08 pm Post subject: |
|
|
If you only have one NIC, where is the Windows box connected to it ?
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
dirtystyle
n00b
Joined: 14 Sep 2005
Posts: 7
|
| Posted: Wed Sep 14, 2005 8:09 pm Post subject: |
|
|
Sorry,
Its on the same network via a switch. Trying to use iptables to do this |
|
| Back to top |
|
|
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Wed Sep 14, 2005 8:28 pm Post subject: |
|
|
You may be able to get away with this by performing some unhealthy ARP magic, but that will likely bring the switch to its knees (since you will essentially be continually resetting the switch's ports).
Not advisable, in other words.
A NIC costs what, $5 at most.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
dirtystyle
n00b
Joined: 14 Sep 2005
Posts: 7
|
| Posted: Wed Sep 14, 2005 8:38 pm Post subject: |
|
|
Thanks bud. Yeah they are cheap but the box im limited to doesnt have room for another nic.
Time to look at the budget  |
|
| Back to top |
|
|
lbrtuk
l33t
Joined: 08 May 2003
Posts: 910
|
| Posted: Thu Sep 15, 2005 1:17 am Post subject: |
|
|
| USB ethernet dongles are quite cheap. |
|
| Back to top |
|
|
CriminalMastermind
Tux's lil' helper
Joined: 19 Nov 2003
Posts: 132
Location: toronto
|
| Posted: Thu Sep 15, 2005 5:54 am Post subject: |
|
|
i'm pretty sure you can do this.
| Code: | iptables -t nat -A PREROUTING -d 192.168.0.3 -j SNAT --to 192.168.0.4
iptables -t nat -A POSTROUTING -d 192.168.0.4 -j DNAT --to 192.168.0.3 |
should do it. you'll have to give it a shot.
that should make all traffic going to .3 get mangled to goto .4 and change the sender to .3 (if not, the host that originally sent the packet would be getting packets from .4 causing confusion because it was talking to .3, not .4). now .4 would get it, return the packet to .3 who would put the packet original sender back into the destination and fire the packet off.
clear as mud.
now, i think this is a bad idea and another solution would probably be better. off the top of my head i could see a feed back loop starting. like if .4 tried talking to .3. putting them on different subnet's and using the linux box as a router may make this a bit safer, but i'm not too sure.
i feel like i just tought you how to tie a noose... have fun.
_________________
"I can picture a perfect world that knows of no war... and I can picture me attacking that world, because they'd never expect it." |
|
| Back to top |
|
|
groovin
Guru
Joined: 07 Feb 2004
Posts: 429
Location: California, USA
|
| Posted: Thu Sep 15, 2005 6:03 am Post subject: |
|
|
| they might be more pricey than $5 but there are nics with 2 ports... |
|
| Back to top |
|
|
|
Networking & Security
