> I have a client who wants to make available to the public (through Internet)
> a STRATUS server which resides behind his RH6.0 Linux (kernel 2.2.5-15 and
> ipchains for masquerading). I understand that I need to make a rule using
> ipchains in order to assign a valid ip (from the subnet that the ISP has
> assigned) to an invalid ip (from his private network) but I

You also need the "ip" command from the "iproute2" package, available from
ftp://ftp.sunet.se/pub/Linux/ip-routing/
(I don't know if it's part of RH6; I haven't tried it (yet)). The "ip"
command lets you do NAT one-to-one, which is what you need in this case
(masquerading is for "anonymous" access to the Net).

Example:

  Linux firewall, inside: eth0, outside: eth1
  Web server on the inside made public: 192.168.1.1 (default gw = Linux fw)
  Official ip address on the Net: 11.22.33.44

The Linux firewall must have the official ip address on its "public"
interface, where it may already have another one:

  ifconfig eth1:0 11.22.33.44 netmask 255.255.255.0

Make the NAT translation with "ip":

  ip route add nat 11.22.33.44 via 192.168.1.1 table local
  ip rule add from 192.168.1.1 nat 11.22.33.44 table main

Then you must also have ipchains rules that let things through (be more or
less restrictive as you feel):

  ipchains -A input -s 192.168.1.1 -i eth0 -j ACCEPT
  ipchains -A input -p tcp -d 11.22.33.44 80 -i eth1 -j ACCEPT
  ipchains -A forward -d 192.168.1.1 -j ACCEPT
  ipchains -A forward -s 11.22.33.44 -j ACCEPT

Cheers,
Peter
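
An added example, not part of Peter's message: a small Python model of which address each chain has to match in the setup above, with the forward rule taken to target the web server at 192.168.1.1. It assumes a default DENY policy on both chains and, as the rules in the message imply, that the input chain sees a packet before translation and the forward chain after it; the client address and the helper names are constructed for illustration.

```python
# Toy model of the one-to-one NAT plus ipchains rules from the message.
# Assumptions (not from the original post): default policy DENY on both
# chains; input is checked before translation, forward after it.
from ipaddress import ip_address

PUBLIC, INSIDE = ip_address("11.22.33.44"), ip_address("192.168.1.1")

# (chain, src, dst, proto, dport, in_iface); None matches anything.
RULES = [
    ("input",   INSIDE, None,   None,  None, "eth0"),
    ("input",   None,   PUBLIC, "tcp", 80,   "eth1"),
    ("forward", None,   INSIDE, None,  None, None),
    ("forward", PUBLIC, None,   None,  None, None),
]

def packet(src, dst, proto, dport, iface):
    """Build a constructed sample packet."""
    return {"src": ip_address(src), "dst": ip_address(dst),
            "proto": proto, "dport": dport, "iface": iface}

def accepted(chain, pkt):
    """True if a rule of the chain matches; otherwise the assumed DENY applies."""
    for r_chain, src, dst, proto, dport, iface in RULES:
        if r_chain != chain:
            continue
        want = {"src": src, "dst": dst, "proto": proto,
                "dport": dport, "iface": iface}
        if all(v is None or pkt[k] == v for k, v in want.items()):
            return True
    return False

def nat(pkt):
    """Stateless 1:1 translation: public dst -> inside, inside src -> public."""
    out = dict(pkt)
    if out["dst"] == PUBLIC:
        out["dst"] = INSIDE
    if out["src"] == INSIDE:
        out["src"] = PUBLIC
    return out

def traverse(pkt):
    """Return (verdict, packet as it looks when the verdict is reached)."""
    if not accepted("input", pkt):
        return "denied:input", pkt
    pkt = nat(pkt)
    if not accepted("forward", pkt):
        return "denied:forward", pkt
    return "forwarded", pkt
```

Only TCP port 80 to 11.22.33.44 and traffic originating from 192.168.1.1 get through in this model; anything else stops at the input chain.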