Hi,

the answer of Paul Gracy <[EMAIL PROTECTED]> gives the right point.

Using Linux and the IP-Chains package you are able to do this on one PC box.
There you then establish the firewall with masquerading via the official IP.

I was told it's running fine on LANs like yours. The way of using the
user-defined chain rules is tricky - they change port numbers within the chain -
beware!

You should be using linux-kernel-2.2.x - or you have to patch 2.0.x first.

Read the 'Linux IPCHAINS-HOWTO' by Paul Russell <[EMAIL PROTECTED]>,
v1.0.5 and later. Within the LDP you will find additional things on masquerading.
         www.rustcorp.com - web site     ftp.rustcorp.com - ftp site

You will have to reconfigure your Linux kernel, make use of 'optimize as router
not host', and recompile it. Some work - but it's free stuff.

You may have to read this mail in the history list of lists.gnac.net as well:
  List:     linux-ipchains
  Subject:  [ipchains] [Fwd: NAI Security Advisory: Vulnerability in NFR 2.0.2-Research]
  From:     "Johann G. Hautzinger" <[EMAIL PROTECTED]>
  Date:     1999-02-19 8:23:00
There should be some real answers on this also.


HvS
:-)  


- -----Original Message----- START
Date: Mon, 24 May 1999 13:13:20 -0400
From: Paul Gracy <[EMAIL PROTECTED]>
Subject: RE: 

The biggest problem with this design is not the firewall.. it's the routing
table... 

I've never tried, but I think PIX might be able to do this based on
aliases... but you really need to rethink your design and get your subnets
separated somehow or you're going to have issues, no matter whose firewall
you choose. 

IMHO.

> -----Original Message-----
From: Ask - [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 21, 1999 5:53 AM
To: [EMAIL PROTECTED]
Subject: 


Hi,
Does anyone know what firewall product can do this?

Internet -------  Router -------- Firewall ----- Internal

where
Router IP is a.b.c.1
Firewall IP is a.b.c.2
Internal IP is a class C registered IP address a.b.c.3 -- a.b.c.254

The normal firewall product is required to have one registered IP, and
the internal LAN is in private IP addresses. And all Internet services
go through the proxy firewall.
What I am looking for is a firewall that is able to protect the
internal LAN where the internal IPs are a range of registered Internet IP
addresses instead of private IPs (192.168.x.x). The firewall only
opens up the allowed services to go out, like http, ftp, etc...

The Firewall can be software or hardware solution.

Thanks.
- -----Original Message----- END
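
The routing-table problem Paul Gracy points to, worked through as an added example that is not part of the original thread: with router, firewall and hosts all in one /24, the router treats every internal host as directly connected, so nothing is forwarded via the firewall. The prefix 192.0.2.0/24 is a constructed stand-in for a.b.c.0/24, the /30 transit subnet is one assumed way of separating the subnets, and all function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the thread's a.b.c.0/24 (RFC 5737 documentation prefix).
BLOCK = ipaddress.ip_network("192.0.2.0/24")
ROUTER = ipaddress.ip_address("192.0.2.1")    # a.b.c.1
FIREWALL = ipaddress.ip_address("192.0.2.2")  # a.b.c.2


def on_link(network, host):
    """True if an interface configured with `network` treats `host` as directly
    connected (ARPs for it) rather than forwarding to a next hop."""
    return ipaddress.ip_address(host) in ipaddress.ip_network(str(network))


def split_block(transit_prefix=30):
    """Carve a transit subnet holding router and firewall out of BLOCK.
    Returns (transit, remaining internal blocks sorted by address)."""
    transit = next(n for n in BLOCK.subnets(new_prefix=transit_prefix) if ROUTER in n)
    if FIREWALL not in transit:
        raise ValueError("router and firewall must share the transit subnet")
    return transit, sorted(BLOCK.address_exclude(transit))


def hosts_to_renumber(transit):
    """Addresses in the thread's .3-.254 range that fall inside the transit subnet."""
    candidates = (BLOCK.network_address + i for i in range(3, 255))
    return [str(a) for a in candidates if a in transit]


def router_routes(internal):
    """Static routes the router needs: each internal block via the firewall."""
    return [(str(n), str(FIREWALL)) for n in internal]


if __name__ == "__main__":
    print("flat /24, router sees 192.0.2.77 on-link:", on_link(BLOCK, "192.0.2.77"))
    transit, internal = split_block()
    print("transit:", transit, "renumber:", hosts_to_renumber(transit))
    for dest, via in router_routes(internal):
        print(f"route {dest} via {via}")
```

Once the router's interface is configured with the transit subnet only, internal hosts are no longer on-link for it and are reached through the routes via the firewall.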