> I don't think Squid is what I'm looking for. IP Masq (unless I'm missing
> something) is used to make internal systems appear to be one IP address
> (of the gateway or IP Masq box) to systems on the outside, and is used
> for inside systems to begin sessions with outside systems.
> I need to do the opposite. An outside system needs to start a session
> (various things) with an inside system. I can't put another NIC into
> this inside system either. I was hoping that NAT would allow me to pass
> traffic to the inside system through a Linux box as a NAT router. I have
> a NAT kernel patch for 2.0.33, but I was hoping something else would be
> available so I wouldn't have to downgrade from 2.0.35.
> Am I on the right track?
It depends. As Larry Wall says, there's always more than one way to do
things (but many people will insist theirs is the ONLY valid one and
all others are idiots).
Looks like you've found my NAT-patch. 1st, it also works with 2.0.35. If
there should be a .rej it will be easily resolved with very little
2nd, I've stated often enough (and you've probably read it) that that
code of mine was only an experiment, Alpha quality. The major product
was the NAT document (URL posted in my prev. posting), the code was used
only for verification, experimental. You still wanna use it?
3rd, I'm not certain if or how useful my code is for what you want to
do. I think if I had to accomplish what you described I'd try
a) an app-level portforwarder (I think there are several, you'll
probably find links on masquerading4Linux webpages)
b) portforwarding that's now part of masquerading in recent kernels
(e.g. your 2.0.35). Haven't tried that myself, but it seems to be
well-tested (compared to my stuff, which wasn't meant to be for
production). This is why people keep pointing you to Masquerading, I
guess, because this is part of it. As far as I understand it was
introduced because people asked for exactly what you're trying to do.
I guess you need only certain ports from that inside host available, not
general (IP)-availability. Also, if you should want to have the same
ports on your 'official' Internet-host and the inside-host available to
the outside, that wouldn't work anyway, not with my static NAT nor with
masquerading, another IP would be needed, but I guess that's not what
you want. So look at kernel builtin port forwarding.
And forget my experimental code. The goal of that project was the paper,
the by-product is the code, not vice versa. It was a university project,
after all, which says it all.
Michael Hasenstein; Siemens Nixdorf (Consultant)
Private Pilot (ASEL) since 1998