On Fri, 9 Jul 1999, Anna Valsami wrote:
> Good evening all.
good evening.
> I have a client who wants to make available to the public (through Internet)
> a STRATUS server which resides behind his RH6.0 Linux (kernel 2.2.5-15 and
> ipchains for masquerading). I understand that I need to make a rule using
> ipchains in order to assign a valid ip (from the subnet that the ISP has
> assigned) to an invalid ip (from his private network) but I don't know if
> this is the right way. Has anybody seen it working in real life? Is there
> any other tool for NAT under Linux?
>
> I would appreciate any hint.
if you want to do it in kernel space, get ipmasqadm from
http://juanjox.linuxhq.com/ (there's source and an RPM), (build and)
install it. the manual page tells you what kernel config options need to
have been set, but they all appear to be set on a stock RH6 box.
then:

    ipmasqadm portfw -f # to flush the rules
    ipmasqadm portfw -a -P tcp -L 203.345.24.68 81 -R 192.168.1.17 80

this will forward TCP connections to port 81 on your real IP address (the
one possessed by your Linux box's external interface, in this example,
203.345.24.68) to port 80 on an internal, privately-addressed machine (in
this case, 192.168.1.17).
hope that's clear. the act of running the first 'ipmasqadm' command
should cause the loading of the kernel module 'ip_masq_portfw' - if this
doesn't happen you may have to help it.
works for me.
as juan ciarlante points out, the advantage to doing it in kernel space is
that your server logs make some kind of sense - if you do it in user
space, all the connections will appear to come from your Linux box.
hope this helps.
Tom Yates - Senior Networking Specialist - Gatekeeper Technology, Ltd.
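
The closing point above, that a user-space forwarder makes every connection appear to come from the Linux box, can be reproduced on one machine. This is an added example, not part of the original message: the relay, the stand-in backend and the loopback addresses are all constructed for illustration.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"  # constructed lab setup: every hop lives on loopback


def dial(addr):
    # Bind the source explicitly so each outgoing connection gets its own port.
    return socket.create_connection(addr, timeout=5, source_address=(LOOPBACK, 0))


def run_demo():
    """Relay one request; return (client_addr, relay_out_addr, logged_by_backend)."""
    seen = {}
    backend = socket.create_server((LOOPBACK, 0))  # stand-in internal server
    relay = socket.create_server((LOOPBACK, 0))    # stand-in user-space forwarder

    def backend_loop():  # records the peer address the way an access log would
        conn, peer = backend.accept()
        with conn:
            seen["logged"] = peer
            conn.recv(1024)
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")

    def relay_loop():  # accepts the client, then opens a NEW connection inward
        conn, _ = relay.accept()
        with conn, dial(backend.getsockname()) as out:
            seen["relay_out"] = out.getsockname()
            out.sendall(conn.recv(1024))
            conn.sendall(out.recv(1024))

    threads = [threading.Thread(target=f) for f in (backend_loop, relay_loop)]
    for t in threads:
        t.start()
    with dial(relay.getsockname()) as client:
        client_addr = client.getsockname()
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        client.recv(1024)
    for t in threads:
        t.join()
    backend.close()
    relay.close()
    return client_addr, seen["relay_out"], seen["logged"]


if __name__ == "__main__":
    client_addr, relay_out, logged = run_demo()
    print("client connected from:", client_addr)
    print("backend logged peer  :", logged, "(the relay's own socket)")
```

The backend only ever sees the relay's outbound socket, so on a real network its log would carry the forwarder's address for every request, and any per-client logging or filtering has to happen on the forwarding box.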