I’ve been searching for a really long time, and couldn’t find something specific for my needs.
My network setup is like this:
eth0 - ISP with two IPs: 1.1.1.1 and 2.2.2.2
eth1 - Office network 192.168.1.0/24
eth2 - Hotspot network 10.5.0.0/24 (not important for this matter)
eth3 - Employee network 10.6.0.0/24 (not important for this matter)
Currently everything goes out to the internet via IP1, and I want to keep it that way.
But I have one host on the Office network, with IP 192.168.1.18, which I want to go online via IP2 with all ports open.
What have I achieved so far?
Well, I played around in the Firewall and managed to make it so that:
when somebody types ip2:22, it gets my SSH server on 192.168.1.18
when I type ip1:22, nothing: closed, dropped.
That is OK, it works just like I want: all incoming connections on IP2 go directly to 192.168.1.18,
but the problem is that when I check “What is my IP” from machine 192.168.1.18, it says that its IP is IP1.
p3rad0x’s advice is correct. Make sure that your new srcnat rule comes BEFORE the default masquerade rule in your srcnat chain. Rule order in the chains is important.
My webserver on host 192.168.1.18 is successfully exposed on IP address 2.2.2.2 only!
I tried accessing it via 1.1.1.1 and it is not possible, because for all other opened ports on my network I have set
dst-address to 1.1.1.1, so accessing 1.1.1.1:22 will not go anywhere, while accessing 2.2.2.2:22 will go to the SSH of the webhost.
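
The rule-order advice in this thread can be checked offline. The following is an added example, not code from any poster or from the router vendor: a small first-match model of a srcnat chain that uses the thread's addresses and reports rules that can never fire because an earlier rule covers them. The rule names, the `Rule` fields and the assumption that masquerade selects 1.1.1.1 on eth0 are illustrative.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str                      # hypothetical label for the rule
    action: str                    # "src-nat" or "masquerade"
    src: str = "0.0.0.0/0"         # source address matcher
    out_if: str = ""               # outgoing interface matcher ("" = any)
    to_addr: str = ""              # translated address, used by src-nat only

# Assumption: masquerade picks IP1 on eth0, as the poster observed.
PRIMARY = {"eth0": "1.1.1.1"}

def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    net_ok = ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
    return net_ok and outer.out_if in ("", inner.out_if)

def translate(rules, src_ip, out_if):
    """Return the public source address; the first matching rule wins."""
    for r in rules:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(r.src)
        if in_net and r.out_if in ("", out_if):
            return r.to_addr if r.action == "src-nat" else PRIMARY[out_if]
    return src_ip  # no rule matched: address left untranslated

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(covers(earlier, r) for earlier in rules[:i])]

# Constructed rule set mirroring the thread's setup.
masq = Rule("masquerade-all", "masquerade", out_if="eth0")
host = Rule("host18-to-ip2", "src-nat", src="192.168.1.18/32",
            out_if="eth0", to_addr="2.2.2.2")

broken = [masq, host]   # specific rule placed after the masquerade rule
fixed = [host, masq]    # specific rule placed before it

if __name__ == "__main__":
    for label, chain in (("broken", broken), ("fixed", fixed)):
        print(label, translate(chain, "192.168.1.18", "eth0"),
              translate(chain, "192.168.1.50", "eth0"), shadowed(chain))
```

With the specific rule first, only 192.168.1.18 leaves as 2.2.2.2 and the rest of the office network still leaves as 1.1.1.1; the same shadowing check can be run over any exported rule list after a change.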