Re: Funky Firewall - Engineering Request

Author: Bill Jonas
Date:  
To: PLUG Discuss
Subject: Re: Funky Firewall - Engineering Request
On Sat, Jan 08, 2005 at 11:53:30AM -0700, Jay wrote:
> In George's case that will not work. As I understand his problem, the
> source external/public address of the HTTP connection needs to be
> different for each internal machine.

It absolutely *would* work. That's what NAT means -- network address
*translation*.

Suppose, as a simple case, you have two LANs which are both using
192.168.0.0/16. If you were to connect them, you'd have to renumber one
of them, right?

Wrong. You can, with a Linux (or OpenBSD or Cisco or something else)
router, make network A think that network B's addresses are in the
10.5.0.0/16 range. Anything sent from A with a destination address in
10.5.0.0/16 will be translated by the router as being intended for
network B and re-written with the appropriate destination address in the
192.168.0.0/16 range. At the same time, the source address would also
be re-written to be in, say, the 10.8.0.0/16 range, and B's router would
make the appropriate translation when the packets got there, and for
traffic destined for A.

In this case, it's only half as complex. Only the source needs to be
re-written for outbound traffic; the destination stays the same.

A simpler explanation can be found at
<http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-2.html#ss2.1>
and <http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-3.html>.

This whole discussion is academic if he's using a 2.2 or earlier kernel;
2.0 and 2.2 only had the ability to do masquerading (i.e., one external
address to many internal addresses) and not full-on NAT (many-to-many).
You need 2.4 and up to do NAT.

-- 
Bill Jonas    *        *    http://www.billjonas.com/
"It's a dangerous business, Frodo, going out your front door.  You step
into the Road,  and if you don't keep your feet,  there  is  no knowing
where you might be swept off to."  --  Bilbo Baggins
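Added example, not part of Bill's message or of the netfilter HOWTO he links: a small POSIX shell script that generates the iptables rules for both cases he describes. gen_snat_rules gives each internal host its own public source address (George's problem), and gen_netmap_rules does the overlapping-LAN rewrite with the NETMAP target. Interface names (eth0 for the external link, eth1 for the link to the other LAN) and all addresses in HOST_MAP are constructed for illustration; 203.0.113.0/24 is documentation space and would be replaced by the real public block.

```shell
#!/bin/sh
# Generate netfilter NAT rules for the two scenarios in the post.
# Run as root with "gen_snat_rules | sh" to apply; unprivileged it only prints.
# Requires a 2.4+ kernel with the nat table (and NETMAP for the second case,
# which on 2.4 was a patch-o-matic extension, mainline from 2.6).

WAN_IF="${WAN_IF:-eth0}"     # assumed name of the external (public) interface
LINK_IF="${LINK_IF:-eth1}"   # assumed name of the link toward network B

# Constructed mapping: "internal_ip external_ip" per line, one public
# address per internal host. This is the many-to-many case.
HOST_MAP='192.168.1.10 203.0.113.10
192.168.1.11 203.0.113.11
192.168.1.12 203.0.113.12'

# One SNAT rule: only the source is rewritten, the destination is untouched.
snat_rule() {
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s/32 -j SNAT --to-source %s\n' \
        "$WAN_IF" "$1" "$2"
}

# Full rule set for the per-host public address case. The "ip addr add" is the
# check people forget: the router must own each public address (or proxy-ARP
# for it), otherwise the upstream router never delivers the return traffic.
# Anything not in HOST_MAP falls through to plain masquerading.
gen_snat_rules() {
    printf '%s\n' "$HOST_MAP" | while read -r inside outside; do
        [ -n "$inside" ] || continue
        printf 'ip addr add %s/32 dev %s\n' "$outside" "$WAN_IF"
        snat_rule "$inside" "$outside"
    done
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$WAN_IF"
}

# The two overlapping 192.168.0.0/16 LANs from the post, seen from A's router:
# packets A sends to 10.5.x.y get their destination rewritten to B's real
# 192.168.x.y (PREROUTING rewrites destination), and their source rewritten
# from A's 192.168.x.y to 10.8.x.y (POSTROUTING rewrites source). NETMAP is
# a 1:1 prefix swap, so host bits survive and B's router can undo it.
gen_netmap_rules() {
    printf 'iptables -t nat -A PREROUTING -i %s -d 10.5.0.0/16 -j NETMAP --to 192.168.0.0/16\n' \
        "$(wan_or_lan)"
    printf 'iptables -t nat -A POSTROUTING -o %s -s 192.168.0.0/16 -j NETMAP --to 10.8.0.0/16\n' \
        "$LINK_IF"
}

# Inbound interface for the PREROUTING rule: traffic from A's own hosts,
# assumed to arrive on the external interface's counterpart (LAN side).
wan_or_lan() {
    printf '%s' "${LAN_IF:-eth2}"   # assumed name of A's LAN-facing interface
}

# Print both rule sets when run directly.
gen_snat_rules
gen_netmap_rules
```

The NETMAP rules cover only A's router; B's router needs the mirror image (destination 10.8.0.0/16 back to its own 192.168.0.0/16, source rewritten to 10.5.0.0/16), and both sides need routes for the 10.x prefixes pointing at the inter-LAN link. Confirm the target exists with "iptables -j NETMAP --help" before relying on it.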