iptables NAT

SNAT/DNAT

Route all packets for the new public IP to a certain local IP.
iptables -t nat -I [PREROUTING] -p all -d [PUBLIC_IP] -j DNAT --to-destination [LAN_IP]

Masquerade returned packets from the local IP to the public IP.
iptables -t nat -I [POSTROUTING] 1 -p all -s [LAN_IP] -j SNAT --to-source [PUBLIC_IP]

Translate anything else from the LAN to the "main" router IP.
iptables -t nat -I [POSTROUTING] -o br0 -s [LAN_SUBNET] -j SNAT --to-source [MAIN_IP]

In that last line, br0 may not always be correct; it's br0 on Tomato at least. You can telnet to the router and use the ifconfig command to see the correct value; it's the one with the router's internal IP associated with it.

Example:
-A PREROUTING -d 66.111.111.30 -i eth1.1000 -j DNAT --to-destination 10.3.3.200
-A POSTROUTING -s 10.3.3.200 -o eth1.1000 -j SNAT --to-source 66.111.111.30
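
An added example, not part of the original page: a dry-run shell helper that validates the addresses and the interface name, then prints the three commands above with the values filled in, so a typo or an empty variable is caught before anything is loaded into the nat table. The function names are hypothetical, the chain names are written literally, and the subnet 10.3.3.0/24, router IP 10.3.3.1 and interface br0 in the sample call are assumed values.

```shell
#!/bin/sh
# Added example (not from the original page): dry-run generator for the three
# NAT commands above. It prints the commands; it never calls iptables itself.

# is_ipv4 ADDR: true only for a dotted quad whose octets are all 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 1
    for o in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# is_cidr NET: true only for ADDR/PREFIX with a valid ADDR and PREFIX 0..32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    prefix=${1##*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    is_ipv4 "${1%/*}" && [ "$prefix" -le 32 ]
}

# nat_commands PUBLIC_IP LAN_IP LAN_SUBNET MAIN_IP LAN_IF
# Validates every value, then prints the page's commands with them filled in.
nat_commands() {
    is_ipv4 "$1" || { echo "bad PUBLIC_IP: $1" >&2; return 1; }
    is_ipv4 "$2" || { echo "bad LAN_IP: $2" >&2; return 1; }
    is_cidr "$3" || { echo "bad LAN_SUBNET: $3" >&2; return 1; }
    is_ipv4 "$4" || { echo "bad MAIN_IP: $4" >&2; return 1; }
    case "$5" in ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $5" >&2; return 1 ;; esac
    printf 'iptables -t nat -I PREROUTING -p all -d %s -j DNAT --to-destination %s\n' "$1" "$2"
    printf 'iptables -t nat -I POSTROUTING 1 -p all -s %s -j SNAT --to-source %s\n' "$2" "$1"
    printf 'iptables -t nat -I POSTROUTING -o %s -s %s -j SNAT --to-source %s\n' "$5" "$3" "$4"
}

# Constructed sample: the page's example addresses plus an assumed subnet,
# router IP and LAN interface (10.3.3.0/24, 10.3.3.1, br0).
nat_commands 66.111.111.30 10.3.3.200 10.3.3.0/24 10.3.3.1 br0
```

Review the printed commands, and check the interface name with ifconfig as described above, before running them on the router.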