> Is it possible to do masquerading for computers in private network 1
> with public IP address 1 and for computers in private network 2 with public
> IP address 2?
> If it is not possible with kernel 2.2.xx, is it possible with kernel
> 2.4.X?

As far as I can see it is not possible with 2.2 and ipchains (at least not
easily), but it is possible with 2.4 and iptables.

To achieve what you want you would need to make the Linux machine accept
packets to the two public IP addresses on one interface - the most obvious
way I can think of to achieve this would be IP aliasing (you'd end up with
eth0:0 and eth0:1 or something).

Having accomplished this you would do the following commands, assuming that

  public interface on eth0:0 = 1.1.1.1
  public interface on eth0:1 = 1.1.1.2
  private net 1 = 192.168.0.0/24
  private net 2 = 192.168.1.0/24

  iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d ! 192.168.0.0/16 \
      -j SNAT --to-source 1.1.1.1

AND

  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.0.0/16 \
      -j SNAT --to-source 1.1.1.2

These rules basically match everything that is from a private network that
isn't going to the other private network, and change the source IP to the
appropriate one (de-masquerading is handled automatically).

N.B. these rules could probably be "hardened" for security - but the basic
idea is there.

Good luck,
Julian
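
One way the rules above could be tightened, as an added example that is not part of Julian's reply: SNAT is pinned to the public interface and forwarding is default-deny with connection tracking. It assumes eth0 is the only public interface and that the conntrack match is available; the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not execute) a tightened rule set for the
# two-network SNAT setup. Review the output, then pipe it to `sh` as root.
# Assumptions, not from the original post: eth0 is the only public
# interface and the conntrack match exists (2.4-era systems would use
# `-m state --state` instead). Current iptables expects `!` before the
# option (`! -d`), so that form is used here.

PUB_IF=eth0
NO_NAT_DST=192.168.0.0/16   # destinations that must never be SNATed

# "private-net public-ip" pairs, values taken from the post.
MAPPINGS='192.168.0.0/24 1.1.1.1
192.168.1.0/24 1.1.1.2'

gen_rules() {
    # Forward nothing unless a rule below allows it.
    echo "iptables -P FORWARD DROP"
    # Replies belonging to connections that were allowed out.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$MAPPINGS" | while read -r net pub; do
        [ -n "$net" ] || continue
        # New connections may leave only from a known private range and
        # only through the public interface.
        echo "iptables -A FORWARD -s $net -o $PUB_IF -m conntrack --ctstate NEW -j ACCEPT"
        # Rewrite the source only for packets leaving on the public
        # interface, so a routing mistake cannot NAT internal traffic.
        echo "iptables -t nat -A POSTROUTING -s $net ! -d $NO_NAT_DST -o $PUB_IF -j SNAT --to-source $pub"
    done
}

gen_rules
```

With this rule set, traffic between the two private networks is not forwarded at all; explicit FORWARD rules are needed if the networks should reach each other.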