Hello,... I've been asking this all over, sure hope some people would help me here....
I currently have a masquerading box that is masq'ing & filtering the internal LAN to the Internet. I use -j MASQ in the ipchains FORWARD chains.

    LAN      -->  MASQ-Filtering-BOX-with-ipchains  --->  internet
    priv-IP       Real-IP

Now, my superior wants me to have a bastion host that sits in front of the masq-box.

    LAN      --->  MASQ-BOX  ---->  BASTION  --->  Internet
    priv-IP        real-IP          real-IP

I already managed to make the bastion host answer all ARP requests to the masq-box, where both of the boxes still have their real IP, with proxy-arp and ip route. (The bastion is kernel 2.4x with iptables & ip route.)

Can anyone suggest what I should put in the bastion's (iptables) FORWARD chain? Because now, if I make a connection from the internal LAN to outside, I cannot see any connection in my bastion coming from my masquerading box.

Thanks in advance.

Nick
