On 02/24/2019 01:52 AM, Andrei Borzenkov wrote:
Yes, you can forward traffic to specific external address to specific internal address and mangle packets in reverse direction to have this outgoing address. This is exactly what Network *Address* Translation is for. I do not know if SUSEfirewall2 offers high level means to configure it, on iptables level this would be DNAT for packets entering external interface and SNAT on packets leaving external interface. In which case you probably want to use --persistent to simplify tracking.
If he has a block of addresses, why not use them as is, instead of this NAT nonsense? NAT is a hack to get around the IPv4 address shortage and it introduces its own problems. Incidentally, the world is moving to IPv6, where NAT is not used. For example, I have a /56 prefix, which gives me 256x 18.4 billion, billion addresses to use. No NAT needed. I just set up my firewall rules as appropriate.

This is one thing that really bugs me about NAT. It's become so common that people think it's the right way to do things. It's not, it's a hack!
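The two setups discussed in this thread, side by side, as an added example that is not part of either message: the DNAT/SNAT pair from the quoted text, and the routed alternative where the host carries the public address and only filter rules are used. The interface name, addresses (documentation and private ranges), port and function names are assumptions.

```shell
#!/bin/sh
# Dry run by default: rules are printed, not applied.
# Set IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

# Filtering is the same with or without NAT: allow replies, allow one
# service to one host, drop everything else arriving for that host.
allow_inbound() {   # args: ext_if dst_ip tcp_port
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$1" -d "$2" -p tcp --dport "$3" \
         -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -i "$1" -d "$2" -j DROP
}

# 1:1 NAT: DNAT for packets entering the external interface, SNAT for
# packets leaving it. --persistent keeps a client on the same mapped
# address when the target is a range of addresses.
one_to_one_nat() {  # args: ext_if ext_ip int_ip tcp_port
    $IPT -t nat -A PREROUTING  -i "$1" -d "$2" -j DNAT --to-destination "$3"
    $IPT -t nat -A POSTROUTING -o "$1" -s "$3" -j SNAT --to-source "$2" --persistent
    # FORWARD sees the packet after DNAT, so it matches the internal address.
    allow_inbound "$1" "$3" "$4"
}

# Routed: the host is configured with the public address itself, so the
# nat table is not involved and the firewall only filters.
routed_host() {     # args: ext_if pub_ip tcp_port
    allow_inbound "$1" "$2" "$3"
}

# Constructed sample values
one_to_one_nat eth0 203.0.113.10 192.168.1.10 443
routed_host    eth0 203.0.113.20 443
```

In both cases the FORWARD rules are what restrict access to the host; the nat rules only rewrite addresses.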