Hi

Is it possible to NAT multiple internal private network IPs to one external public IP using ports.
i.e. internal IPS are 192.168.1.10 - 20 with a firewall NAT rule for dstnat and srcnat to 196.212.116.99. then using :10000 - 10020 as ports. a browser will then have the following http://196.212.116.99:10000 which wil take me to 192.168.1.10 etc
These configs are for IP cameras on a surveillance network and we need remote access to each one but we only can use one static public ip.

Please advise

Thanks

ferdinandbabst -

Sure you can - just like any other dst-nat rule.

add chain=dstnat action=dst-nat to-addresses=192.168.1.10 to-ports=10010 in-interface=etherX dst-address=PUBLIC IP dst-port=10010 protocol=tcp comment="Camera 1" disabled=no

add chain=dstnat action=dst-nat to-addresses=192.168.1.11 to-ports=10011 in-interface=etherX dst-address=PUBLIC IP dst-port=10011 protocol=tcp comment="Camera 2" disabled=no

I 'assumed' here that the cameras can 'listen' on the ports specified in the 'to-ports' section above. If they cannot then this would be the 'correct' way to dst-nat them is;

add chain=dstnat action=dst-nat to-addresses=192.168.1.10 to-ports=80 in-interface=etherX dst-address=PUBLIC IP dst-port=10010 protocol=tcp comment="Camera 1" disabled=no



Your src-nat rule should be a simple masquerade;

add chain=srcnat action=masquerade out-interface=etherX (etherX=your 'public' ether interface...) comment="" disabled=no

R/

Thom