Here's the deal. I have a machine that faces the internet and has an
internal network and a DMZ. I am using iproute to NAT an ip from
public to private.
ip route add nat 220.127.116.11 via 10.1.1.1
ip rule add from 10.1.1.1 nat 18.104.22.168
Everything works fine with the preceding route and rule when talking
to the machine from the internet. The problem is that when a machine
in the internal network, say 10.1.2.1, talks to the 10.1.1.1 machine
in the DMZ, the replies get natted to 22.214.171.124, instead of replies with
the src address of 10.1.1.1. The idea is to have these ip's not get
natted when going in between the DMZ and Internal Network. Thus, the
replies come from 10.1.1.1. I toyed around with using multiple routing
tables but got nowhere. Please advise.
Internet -----|Firewall|---DMZ--- 10.1.1.1 (NAT 126.96.36.199)
Internet to DMZ is working fine with NAT.
Internal Network, 10.1.2.1 talking to 10.1.1.1, replies come from
I need replies to come from 10.1.1.1.
TIA for any guidance.