Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 04-22-2009, 09:54 AM   #1
LQ Newbie
Registered: Apr 2009
Posts: 1

Rep: Reputation: 0
Help with NAT and route


I'm trying to provide a new public address to a server I maintain and I could use some help figuring out the steps.

The setup:

Server 1 - The machine that needs a new address
  • Both NICs already in use
  • Exists on two LANs and zero WANs
  • Access to and from the internet is passed through a fire wall over LAN 1

Server 1 is already a production server in heavy use (so I need to be careful). The firewall currently used for NAT to that box is kind of limited, and we ran out of addresses in our WAN block. The CoLo facility provided us with a new block of addresses but the firewall can't handle 2 different subnets for whatever reason. Now Server 1 needs a new IP to accommodate a new SSL certificate. As a workaround, what I would like to do is provide NAT for Server 1 via Server 2, which has direct access to the new block of public addresses.

Server 2 - The machine to provide NAT / routing
  • Exists on 1 LAN and 1 WAN (internet)
  • Communicates directly to the world via a publicly accessible IP
  • Can claim additional public IPs
  • Also a live production web server

Server 1 and Server 2 both exist on LAN 1. What I would like to do is provide NAT from a new public address on Server 2 to a new local address on Server 1 and then add a route for the new interface on Server 1 to send outgoing responses through Server 2 where it is NAT'd again to appear to come from the new public address.

I've taken a couple stabs at this without much luck so if anyone can help I'm much obliged.

Old 04-23-2009, 02:27 PM   #2
Registered: Jul 2007
Location: Belgium
Distribution: slackware64 14.2, slackware 13.1
Posts: 371

Rep: Reputation: 54
all I can do is suggest some documentation:

It sounds like you need what the doc calls "destination NAT" in contrast to "source NAT". You are using the last one already on the network now.

Remember to make sure the replies from Server 1 to the internet are directed via Server 2
Old 04-23-2009, 03:56 PM   #3
Registered: Feb 2003
Posts: 484

Rep: Reputation: 33
is this what you're trying to do?

internet ---> server2 ---> server1: server1 ---> server2 ---> internet

why don't you just have the router pointing to your server2ort# with the request address of server1 going to that port on server 2, have that port forwarded to server1.
as long as server2 has it's iptables/firewall configured properly, the requests to the internet from server1 should still go through.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can I use proxy-arp and NAT to route an "alien" computer to the Internet? mson77 Linux - Networking 14 10-19-2009 11:01 PM
need some clarifying points regarding vpns,route,ip,iptables, port ffwd,NAT nass Linux - Networking 6 04-27-2008 03:57 PM
Default route took 20s to display with 'route' command Akhran Linux - Newbie 3 11-04-2006 05:59 AM
I am not able to add a new route to my route table using route command prashanth s j Linux - Networking 2 09-03-2005 05:34 AM
linux route - NO NAT champ Linux - Networking 6 08-17-2005 11:27 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:33 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration