Hi there!
I just got a router with NAT running by using iptables. At the moment, though, it's set for the whole internal subnet (10.1.0.0/16, and don't worry, it's really not that large!) to be translated to just the external address of the router (X.X.X.66/29). I can ping out from the inside network fine.
What I want, and which I cannot really wrap my mind around how to make happen, is to have internal servers get statically NATed addresses. For example, my internal DNS server (internal IP: 10.0.255.1) should be mapped to have the outside IP of X.X.X.68.
The valid external addresses I've got are the range X.X.X.66-X.X.X.72, and so I would also like to make an address pool out of the ones not used by the router and the statically mapped internal servers, and then use that pool for all client connections to the Internet.
I hope this made sense, thanks in advance.
/tanek
Posting some configuration data below.
Code:
Some addresses and gateways:
eth0 (External): IP X.X.X.66, GW X.X.X.65
eth1 (Internal): IP 10.1.255.254, GW X.X.X.66
internal DNS: IP 10.1.255.1, GW 10.1.255.254
Forwarding rules:
# replies to connections opened from the inside may come back in
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# anything from the inside may go out
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# whatever is left over gets logged (and then hits the chain's default policy)
iptables -A FORWARD -j LOG
Enabling NAT/MASQUERADING:
EXTIF=eth0
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
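For the static mapping and the address pool asked about above, here is an added example (not part of the original post, and not tanek's configuration). It assumes eth0 is the external interface, that .68 becomes the DNS server's public address, that .69-.72 form the client pool (leaving .67 spare), and it keeps the post's X.X.X placeholder for the real prefix, so set EXT_NET before applying. The catch-all MASQUERADE rule is replaced by SNAT rules, since MASQUERADE always uses the interface's own primary address and cannot hand out a fixed address or a pool.

```shell
#!/bin/sh
# Static SNAT for the internal DNS server plus a SNAT pool for all other
# clients. Added example, not from the original post. Assumptions: eth0 is
# the external interface, .68 is the DNS server's public address, .69-.72 are
# the client pool (.67 is left spare), and "X.X.X" stands in for the real
# prefix exactly as in the post. Set IPT=echo IP=echo to preview the commands.
IPT="${IPT:-iptables}"
IP="${IP:-ip}"
EXT_NET="${EXT_NET:-X.X.X}"   # first three octets of the public block
EXT_PLEN="${EXT_PLEN:-29}"    # prefix length eth0 already uses
EXTIF=eth0
INTIF=eth1
DNS_INT=10.1.255.1
DNS_EXT="$EXT_NET.68"
POOL="$EXT_NET.69-$EXT_NET.72"
LAN=10.1.0.0/16

# The router must answer ARP for every public address it NATs to, so the
# static and pool addresses are added as secondary addresses on eth0.
ext_addrs() {
    for last in 68 69 70 71 72; do
        "$IP" addr add "$EXT_NET.$last/$EXT_PLEN" dev "$EXTIF"
    done
}

nat_rules() {
    # Start from an empty POSTROUTING chain so the catch-all MASQUERADE rule
    # from the original setup no longer grabs the DNS server's traffic.
    "$IPT" -t nat -F POSTROUTING

    # 1. One-to-one mapping for the DNS server. The specific rule must come
    #    before the pool rule: iptables stops at the first matching rule.
    "$IPT" -t nat -A POSTROUTING -o "$EXTIF" -s "$DNS_INT" -j SNAT --to-source "$DNS_EXT"
    "$IPT" -t nat -A PREROUTING  -i "$EXTIF" -d "$DNS_EXT" -j DNAT --to-destination "$DNS_INT"

    # 2. Everyone else on the LAN leaves from the pool. SNAT accepts an
    #    address range and picks one per connection; conntrack keeps the mapping.
    "$IPT" -t nat -A POSTROUTING -o "$EXTIF" -s "$LAN" -j SNAT --to-source "$POOL"
}

# DNAT only rewrites the destination; the FORWARD chain still has to let the
# new inbound connection through. The post's FORWARD rules only allow
# ESTABLISHED,RELATED from eth0, so the DNS ports are opened explicitly
# (inserted at the top so they are evaluated before the LOG rule).
forward_rules() {
    "$IPT" -I FORWARD -i "$EXTIF" -o "$INTIF" -d "$DNS_INT" -p udp --dport 53 -j ACCEPT
    "$IPT" -I FORWARD -i "$EXTIF" -o "$INTIF" -d "$DNS_INT" -p tcp --dport 53 -j ACCEPT
}

# Run as: sh nat.sh apply   (or IPT=echo IP=echo sh nat.sh apply to preview)
case "${1:-}" in
    apply) ext_addrs; forward_rules; nat_rules ;;
esac
```

Verify the result with `iptables -t nat -L -v -n` and, from the DNS server, an outbound connection to a host you control: its source should show up as X.X.X.68, while any other client should appear as one of .69-.72. If the upstream gateway does not see ARP replies for the extra addresses, check that they really were added to eth0 with `ip addr show eth0`.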