I have a machine with an alias so it has the following ip address setup (some parts of ip removed for security):
Internal Network (eth0) - 192.168.0.101
External Network (eth1) - xxx.xxx.xxx.195
External Network Alias (eth1:1) - xxx.xxx.xxx.194
At the moment, I have some basic masquerading going on for the 192.168.0.0/24 subnet which automatically goes out of eth1.
Inbound I have prerouting set up to forward certain ports on the 194 address to 192.168.0.1 and some input rules so that only stuff on the 195 address gets through to the linux machine itself.
What I want to set up is true 1:1 NAT so that 192.168.0.1 goes out on the 194 address and everything else internally gets masqueraded and goes out on the 195.
Could somebody send me some example rules for doing this?
The other thing I am using is FORWARD rules to block which ports are allowed out, but I presume these would still work.
Thanks in advance,