As a follow-on from the last mail, here are the steps I need to do:

I'm crap at text diagrams, so I won't attempt to do one. I would not make things any clearer!!

1. The source machine is connecting to 1.2.3.4, which they think is the FTP server, via a direct leased line.
2. I have configured the network interface of the Linux box to be 1.2.3.4, and put a route on the router to send traffic to it.
3. The Linux box should ignore the traffic completely except to translate the destination IP address from 1.2.3.4 to 10.10.10.1, which is the FTP server address. I then want the Linux box to send the request back to the router with its new destination address of 10.10.10.1, which the router will then send on to the FTP server.
4. The server has a route to send any packets for the customer's IP address range back to the Linux box.
5. The Linux box will then translate the source address of our FTP server back to 1.2.3.4 so that it gets back through the customer firewall.

So the Linux box simply NATs the destination IP address inbound and the source address outbound.

It's driving me mad!! I'm sure someone has done this, can anyone help?

I thought that one DNAT and one SNAT rule would do the trick.
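
The translation described in steps 3 and 5, sketched with iptables as an added example that is not part of the original post. The addresses are the ones from the post; the interface name `eth0`, the single-interface layout and the current module names `nf_conntrack_ftp` and `nf_nat_ftp` are assumptions. Commands are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the original post.
PUBLIC_IP=1.2.3.4      # address the customer connects to (from the post)
FTP_SERVER=10.10.10.1  # real FTP server (from the post)
IFACE=${IFACE:-eth0}   # assumption: the one interface facing the router

# Print each command by default; execute only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

nat_rules() {
    # The box must route, not just receive.
    run sysctl -w net.ipv4.ip_forward=1
    # Assumed one-armed layout: traffic leaves on the interface it arrived
    # on, a case where Linux may emit ICMP redirects. Turn them off.
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    run sysctl -w "net.ipv4.conf.$IFACE.send_redirects=0"

    # FTP carries IP addresses inside PORT/PASV messages. The helpers track
    # the data connection and rewrite 10.10.10.1 in the payload to 1.2.3.4.
    run modprobe nf_conntrack_ftp
    run modprobe nf_nat_ftp
    run iptables -t raw -A PREROUTING -p tcp -d "$PUBLIC_IP" --dport 21 -j CT --helper ftp

    # Step 3: rewrite the destination on the way in.
    run iptables -t nat -A PREROUTING -d "$PUBLIC_IP" -j DNAT --to-destination "$FTP_SERVER"

    # Step 5 needs no rule of its own: connection tracking remembers the
    # DNAT mapping and restores the source to 1.2.3.4 on reply packets.
    # These two rules only matter if the FORWARD policy is DROP.
    run iptables -A FORWARD -d "$FTP_SERVER" -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -s "$FTP_SERVER" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

nat_rules
```

After applying, `iptables -t nat -L PREROUTING -n -v` shows whether the DNAT rule's packet counter increases when the customer connects.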