Yes, although there is no specific ARP entry in their router for this other
IP to be sent to the firewall. The firewall will have to do that.
-----Original Message-----
From: Gary Maltzen [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 07, 2000 8:48 PM
To: Rodney Dunham
Cc: [EMAIL PROTECTED]
Subject: Re: RH linux 6.1, IPCHAINS woes

Wander over to http://www.indyramp.com/masq and check the MASQ archives for
more complete information.

Assuming you have a 2.2 kernel compiled with IPPORTFW enabled, you also need
'ipmasqadm' to establish routing for an external public IP through to your
internal private IP.

The assumption here is that your upstream provider is already routing
packets for that public address to you.

At 03:10 PM 7/5/2000, Rodney Dunham said...
>I'm trying (unsuccessfully, I might add) to do a particular thing with
>IPCHAINS that I've seen done with commercial software, and I've run out of
>ideas. I need someone really good at IPCHAINS to get me headed in the right
>direction.
>
>I want my firewall to take packets for another IP besides its own, pass them
>through, translating them in the process so it appears a particular machine
>on the inside is actually on the outside. The internal machine won't know
>it is also addressable by the public address, and people outside won't know
>its real address is in a private network. The firewall needs to do all the
>work. All ports need to be so translated for this other IP. The firewall
>does standard NAT through its usual IP. Outside machines need to be able to
>initiate connections with this special internal machine, not just respond
>when it initiates them.
>
>Never mind the security aspect, at least at this stage, it's the translation
>and forwarding that I can't get to work. I can lock it down to specific
>services once the barebones connection works right.
>
>The commercial FW-1 at work does this, but that's a different OS with a
>different firewall setup and a commercial GUI. I can't duplicate what it's
>doing since it's such a different setup, or rather I'm not sure I understand
>what it's really doing.
>
>Inside:        Firewall:                      Outside:
>192.168.1.x    < converts transparently >     public.ip.address.113
>
>               192.168.1.114, public.ip.address.114
>
>other hosts    < standard NAT >               public.ip.address.114 as per standard NAT