[linux] NAT of private LANs on a firewall.

Juraj Bednar juraj at bednar.sk
Thursday April 22 13:53:14 CEST 2004


Hi,
> I'll set up 2 aliases of eth0 and NAT each LAN to a different interface/alias.
> 
> But I don't like this solution very much; what other options do I have?
> Can't it be done via local loopbacks?
> 
> Moreover, if I use the alias eth0:1, I get this warning from iptables:
> 
> Warning: wierd character in interface `eth0:1' (No aliases, :, ! or *).
> 
> Is that OK?

it is not OK, you always have to use eth0 as the interface; aliased
interfaces are of no use to you in iptables.

besides, this question seems really pointless to me. the answer can be found
right in the iptables man page:


   MASQUERADE
       This target is only valid in the nat table, in the POSTROUTING  chain.   It  should
       only  be  used  with  dynamically  assigned  IP (dialup) connections: if you have a
       static IP address, you should use the SNAT target.  Masquerading is  equivalent  to
   ......

so we use SNAT

   SNAT
       This target is only valid in the nat table, in the POSTROUTING chain.  It specifies
       that the source address of the packet should be modified (and all future packets in
       this connection will also be mangled), and rules should cease being  examined.   It
       takes one option:

       --to-source  ipaddr[-ipaddr][:port-port]
              which  can  specify a single new source IP address, an inclusive range of IP
              addresses, and optionally, a port range (which is only  valid  if  the  rule
              also  specifies  -p  tcp  or  -p  udp).  If no port range is specified, then
              source ports below 512 will be  mapped  to  other  ports  below  512:  those
              between 512 and 1023 inclusive will be mapped to ports below 1024, and other
              ports will be mapped to 1024 or above. Where possible,  no  port  alteration
              will occur.


where you have the answer directly on how to specify the IP address and even the ports.


   J.
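
The setup discussed in this thread, as an added example that is not part of the original post: each private LAN gets its own SNAT rule that matches on the real device `eth0` and selects the public address with `--to-source`. The LAN ranges, the public addresses and the helper names `snat_rule` and `build_rules` are constructed for illustration, and both public addresses are assumed to be already configured on `eth0`.

```shell
#!/bin/sh
# Added example: build per-LAN SNAT rules that match on the real device.
# All addresses are constructed placeholders (RFC 1918 / RFC 5737 ranges).

WAN_IF="eth0"   # the physical interface; never an alias such as eth0:1

# snat_rule LAN_CIDR PUBLIC_IP [OUT_IF]  (hypothetical helper)
# Prints one iptables command; returns 1 for an alias-style interface name,
# i.e. the names iptables warns about (aliases, ':', '!' or '*').
snat_rule() {
    lan="$1"; pub="$2"; oif="${3:-$WAN_IF}"
    case "$oif" in
        *:*|*!*|*\**)
            echo "refusing interface '$oif': use the real device name" >&2
            return 1 ;;
    esac
    echo "iptables -t nat -A POSTROUTING -s $lan -o $oif -j SNAT --to-source $pub"
}

# build_rules: one line per LAN, each mapped to its own public address.
build_rules() {
    snat_rule 10.0.1.0/24 192.0.2.10 &&
    snat_rule 10.0.2.0/24 192.0.2.11
}

# Dry run by default; set APPLY=1 (as root) to execute the rules.
if [ "${APPLY:-0}" = "1" ]; then
    build_rules | sh -e
else
    build_rules
fi
```

Run without arguments, the script only prints the two rules so they can be reviewed before being applied.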




