Wander over to http://www.indyramp.com/masq and check the MASQ archives for more
complete information.

Assuming you have a 2.2 kernel compiled with IPPORTFW enabled, you also need
'ipmasqadm' to establish routing for an external public IP through to your internal
private IP.

The assumption here is that your upstream provider is already routing packets for that
public address to you.

At 03:10 PM 7/5/2000, Rodney Dunham said...
>I'm trying (unsuccessfully, I might add) to do a particular thing with
>IPCHAINS that I've seen done with commercial software, and I've run out of
>ideas. I need someone really good at IPCHAINS to get me headed in the right
>direction.
>
>I want my firewall to take packets for another IP besides its own, pass them
>through, translating them in the process so it appears a particular machine
>on the inside is actually on the outside. The internal machine won't know
>it is also addressable by the public address, and people outside won't know
>its real address is in a private network. The firewall needs to do all the
>work. All ports need to be so translated for this other IP. The firewall
>does standard NAT through its usual IP. Outside machines need to be able to
>initiate connections with this special internal machine, not just respond
>when it initiates them.
>
>Never mind the security aspect, at least at this stage, it's the translation
>and forwarding that I can't get to work. I can lock it down to specific
>services once the barebones connection works right.
>
>The commercial FW-1 at work does this, but that's a different OS with a
>different firewall setup and a commercial GUI. I can't duplicate what it's
>doing since it's such a different setup, or rather I'm not sure I understand
>what it's really doing.
>
>Inside: Firewall: Outside:
>192.168.1.x < converts transparently > public.ip.address.113
>
> 192.168.1.114, public.ip.address.114
>
>other hosts < standard NAT > public.ip.address.114
>as per standard NAT