I'm trying to connect my network through a Debian Linux firewall to the
outside world. The Linux firewall has two NICs, of which one is connected to
a Cisco router (crosslink cable) and the other to the internal network.
The router has a /29 or .248 subnet so that I have 8 fixed IP addresses.
To save this valuable resource I decided to use private IP addresses between
Cisco and firewall (otherwise I have to split the subnet and there's nothing
effectively left to use).
The Cisco has 192.168.0.1 and the firewall has 192.168.0.2.
The standard gateway on the Cisco is 192.168.0.2 and the default gateway on
the firewall is 192.168.0.1.
The second NIC of the firewall gets a real public IP and - via ip-alias - a
192.168.31.3 (for some clients to surf the internet via ipmasq).
IP forward is set to yes and so with the connected clients having a public
IP everything works fine.
But the Linux box itself can't connect to the internet and it can't do IP
masquerading because it sends packets with its source address of
192.168.0.2 to the Cisco, so that no internet host can answer.
Is there any way besides patching the kernel to change this behavior? If I
could set the IP address for outgoing connections to the public one I think
the problem is solved.