Is the new Netfilter/Iptables able to perform NAT firewalling for an entire subnet of servers each having separate IP addresses? Most of the docs I see out there are geared toward the home dsl crowd, people having 1 public IP and multiple internal computers. What I'm looking to do is a 1:1 NAT that will translate:

100.100.100.100 --> 192.168.0.100
100.100.100.101 --> 192.168.0.101
100.100.100.102 --> 192.168.0.102
100.100.100.103 --> 192.168.0.103
etc...

Also, would I have to set this server up as a router then?

Yes and yes.

Originally posted by bitserve
Yes and yes.

Excellent!

Could you point me to some docs that shows how to do the above kind of NAT and how to set up Linux as a router?

Originally posted by Skeptical

Could you point me to some docs that shows how to do the above kind of NAT and how to set up Linux as a router?

http://netfilter.samba.org/unreliable-guides/

HI!
if you want to use linux as a router then you must see this site...
http://master-www.linuxrouter.org:8080/
Though I'm sure you'd have seen it..... :)

Anyway, I had one question. If you had an entire external IP block why do you want to use an inter IP range too.. Is there any particular benifit.

Have a great day :)

regards
amar

Originally posted by bobcares
Anyway, I had one question. If you had an entire external IP block why do you want to use an inter IP range too.. Is there any particular benifit.

It's not really necessary actually. But how else can I get all incoming traffic into my network to pass through my firewall box?

Originally posted by Skeptical
It's not really necessary actually. But how else can I get all incoming traffic into my network to pass through my firewall box?

Proxy ARP is one way.

Originally posted by Skeptical
It's not really necessary actually. But how else can I get all incoming traffic into my network to pass through my firewall box?

The same way as you'd set up any other gateway router?