[Firewall] Help setting up NAT

Lonnie Abelbeck lists at lonnie.abelbeck.com
Fri Aug 24 19:06:52 CEST 2012


Hi Nathan,

The variables NAT_FORWARD_TCP, NAT_FORWARD_UDP and NAT_FORWARD_IP are what you want.  A couple examples should get you going.

NAT Forward packets to 55.55.55.98 from 0/0 (anyhost) into the internal 192.168.1.13 host for TCP port 80 (HTTP)
--
NAT_FORWARD_TCP="55.55.55.98#0/0~80>192.168.1.13~80"
-- or --
NAT_FORWARD_TCP="55.55.55.98#0/0~80>192.168.1.13"
--

NAT Forward packets to 55.55.55.100 from 0/0 (anyhost) into the internal 192.168.1.14 host for TCP ports 80 and 443 (HTTP & HTTPS)
--
NAT_FORWARD_TCP="55.55.55.100#0/0~80,443>192.168.1.14"
--

Lonnie



On Aug 24, 2012, at 11:16 AM, Nathan Ekstrom wrote:

> I have a 16-address subnet of static IP addresses from my ISP.  I would like to use some of them and have certain machines on an internal network look like they have a public IP address.  Attached is a diagram of my network.
> 
> All internal network interfaces have addresses in the 192.168.1 subnet. The static IP addresses that I can use are in a range similar to 55.55.55.98-110, while my Linux router/firewall running the Arno firewall scripts is given an address like 56.56.56.52 for its external IP address from my ISP.  I've done a tcpdump of the firewall's external adapter and know that it is getting packets for addresses in my public subnet; I'm just having issues figuring out all the NAT rules.
> 
> I would appreciate any help, links to tutorials, suggested books, pretty much anything at this point as everything I've found and tried has failed.
> 
> Thanks
> 
> 
> <Network_Layout.jpg>
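
An added example, not part of the original messages or of the Arno firewall scripts: a small shell function that expands entries of the form shown in the reply above into one line per forwarded port and marks those open to 0/0 (any host), so the exposed services can be reviewed. The function name and output format are made up for illustration; it assumes entries are space-separated and handles only the PUBLIC_IP#SOURCE~PORTS>INTERNAL_IP[~PORT] form.

```shell
#!/bin/sh
# Added example (not from the firewall scripts). Expands NAT_FORWARD_* entries
# of the form used in this thread,
#   PUBLIC_IP#SOURCE~PORT[,PORT...]>INTERNAL_IP[~INTERNAL_PORT]
# into one line per forwarded port. Handling only this form is an assumption;
# anything else is rejected rather than guessed at.

expand_nat_forward() (
    proto=$1; rules=$2
    set -f                                  # no filename globbing on rule text
    for rule in $rules; do                  # assumption: space-separated entries
        case $rule in
            ?*'#'?*'~'?*'>'?*) ;;
            *) echo "ERROR: unrecognised entry: $rule" >&2; return 1 ;;
        esac
        left=${rule%%'>'*}                  # PUBLIC_IP#SOURCE~PORTS
        right=${rule#*'>'}                  # INTERNAL_IP[~INTERNAL_PORT]
        public=${left%%'#'*}
        src=${left#*'#'}; src=${src%%'~'*}
        ports=${left#*'~'}
        host=${right%%'~'*}
        case $right in
            *'~'*) iport=${right#*'~'} ;;   # explicit internal port
            *)     iport= ;;                # omitted: same as the public port
        esac
        case $src in
            0/0) note=' [open to any source]' ;;
            *)   note= ;;
        esac
        for port in $(echo "$ports" | tr ',' ' '); do
            echo "$proto $public:$port from $src -> $host:${iport:-$port}$note"
        done
    done
)

# Constructed sample: two of the entries from the reply, in one variable.
NAT_FORWARD_TCP="55.55.55.98#0/0~80>192.168.1.13 55.55.55.100#0/0~80,443>192.168.1.14"
expand_nat_forward tcp "$NAT_FORWARD_TCP"
```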


