Accessing a machine behind a firewall

I’m in the situation where I’m trying to create 2 private networks using ESX server, all behind a NAT router (static IPs are used).
I used an openSUSE 11 VM as a router and was able to configure it so that a machine on one private network was able to access the public network.
The problem I have now is that I need to be able to access a machine on the private network from the public network using a different set of IPs.

So if a machine in the private network has an IP of 10.1.0.222 I should be able to ping it using 10.99.0.222 or some other IP.

I have never done this before and after reading up on iptables and linux routing I feel more confused than before.

Is it possible to add IPs to eth0 (public) and have them mapped to machines on a private network eth1 or eth

Any ideas would be appreciated…

So if a machine in the private network has an IP of 10.1.0.222 I should be able to ping it using 10.99.0.222 or some other IP.

10.99.0.222 is still a private address. Usually access from the public Internet has to be arranged by creating port forwardings on the router that separates the public and private networks. Details depend on the router.

Are you saying that you have configured an OpenSuSE 11.x VM as your IG gateway and router?

If so, then your topic might still be a topic for this Forum, but you’ll need to post specifics (which can be masked using substitute values) of both your physical and logical networks, i.e., if everything is installed on this one ESX box, then what are the physical interfaces, plus the logical networks you have configured, noting which logical addresses match which physical interfaces.

Note that you may need to “break in” to the ESX command environment to run IFCONFIG or you’ll be doing a lot of copying by hand.

Also note that if you’re concerned about security, any hosts on the same physical network have access to all packets on the wire even if configured for a different logical network.

Tony

So after some tinkering, I managed to get it working.

All I wanted was a simple 1:1 mapping of public to private IPs. I was using iptables to link an eth0 IP to an ethX IP and it wasn’t working.
The problem was the firewall. Tony, your comment made me realize that I didn’t need it. After disabling it, my iptables entries worked.
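
The 1:1 mapping described in the last post, as an added example that is not from the thread: it prints (does not run) the address alias, DNAT/SNAT and FORWARD rules for each pair, so the mapping can work with packet filtering left on. The interface roles (eth0 public, eth1 private), the second address pair and a FORWARD chain that drops by default are assumptions.

```shell
#!/bin/sh
# Added example: emit iptables commands for 1:1 NAT mappings (dry run only).
PUB_IF=eth0    # assumed public-side interface
PRIV_IF=eth1   # assumed private-side interface

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands for one mapping: public address $1 <-> private address $2.
nat_rules() {
    pub=$1 priv=$2
    if ! valid_ipv4 "$pub" || ! valid_ipv4 "$priv"; then
        echo "invalid mapping: $pub -> $priv" >&2
        return 1
    fi
    cat <<EOF
ip addr add $pub/32 dev $PUB_IF
iptables -t nat -A PREROUTING -i $PUB_IF -d $pub -j DNAT --to-destination $priv
iptables -t nat -I POSTROUTING -o $PUB_IF -s $priv -j SNAT --to-source $pub
iptables -A FORWARD -i $PUB_IF -o $PRIV_IF -d $priv -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $PRIV_IF -o $PUB_IF -s $priv -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Read "public private" pairs from stdin and print the full rule set.
gen_ruleset() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    while read -r pub_ip priv_ip; do
        case $pub_ip in ''|'#'*) continue ;; esac   # skip blanks and comments
        nat_rules "$pub_ip" "$priv_ip" || return 1
    done
}

# Constructed sample mapping; the first pair uses the addresses from the question.
SAMPLE_MAP='10.99.0.222 10.1.0.222
10.99.0.223 10.1.0.223'
# Dry run: print the commands for review; pipe to "sh" as root to apply.
printf '%s\n' "$SAMPLE_MAP" | gen_ruleset
```

The FORWARD rules match the private address because DNAT in PREROUTING has already rewritten the destination by the time the packet reaches the filter table.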