Damnit, I miskeyed. I'll have what I intended to send up here in a minute....
Stan

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 13, 2002 4:10 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [hlds_linux] OT: Routing securely
>
> I think Florian is direct to list. I don't think he uses Ken's newsgroup server.
>
> Anyhow, doing NAT seems like your best bet. One major advantage to implementing this just once is that each time you switch ISPs, and thus your addresses change, it is MUCH easier to migrate.
>
> There are quite a few different implementations of NAT, as others pointed out. If you're not into editing .conf files with VI in order to firewall, I'd suggest SmoothWall. It'll probably do everything you need, including 1-to-1 external to internal NAT mappings, and it also has DMZ functionality, if you so desire to use that for your game servers.
>
> http://www.smoothwall.org
>
> I think what has you stumbling is how to set up 1-to-1 NAT mappings from external NIC IP addresses to the internal private IP addresses. I've not done it manually with Linux, but many popular Linux-based and win32-based firewall products are capable of this. SmoothWall is one. Hell, I think you can even do this with W2K's NAT.
>
> In essence, you bind all of your public IPs that the ISP has given you to your public NIC. Thus, it will accept any traffic thrown at it from the world. You then create 1-to-1 NAT mappings from the public IPs to the private IPs of your game servers:
>
> 207.151.100.194
> 207.151.100.194
> 207.151.100.194
> 207.151.100.194
>
> > -----Original Message-----
> > From: Khyron [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, August 13, 2002 3:59 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [hlds_linux] OT: Routing securely
> >
> > Hrm - Florian's msg didn't show up in my mail - newsgroup only?
> >
> > Originally I had my linux box doing my routing/firewall - because my ISP gave me a proper 8 ip subnet (so first and last broadcast) and then gave me a single static for the external firewall nic. They also made a routing entry on their equipment that routed that 8 ip subnet to the single non-subnetted ip. Thus I had the static on the outside, 1 of the subnet ips on the internal interface, then the other statics on the internal machines, using the internal fw eth as gateway. Set ipforwarding on, and it's done.
> >
> > The new ISP is doing it the old way, they don't issue subnets, just random single statics. My set includes x.194, 195, 196, 197, 208, 209. x.193 is their gateway. Subnet mask is .192
> >
> > So if I have my ext eth card bound to say, 194 any requests to 195, 196 etc never even hit the interface because their router is arping for 196 and since it's internal it is never seen. And even if I get the ARP proxy working to answer the requests, I'm stuck.
> >
> > The NATing idea doesn't seem to be able to do it bi-directionally - at least not that I can see. I can have the single nic answer for all the IPs, but having it send to 10.x and then have any returning traffic reconverted into the proper static is not easy.
> >
> > Seriously - how do you guys firewall your stuff if you have more than 1 static? Say you have 2 cstrike servers running on the same port on different machines - you can't NAT them both. You just have them live outside the firewall? I've been on this list for 2+ years and can't recall seeing this topic other than "what ports do I need to open".
> >
> > Right now my naked win2k machines and my cs server are plugged right into a hub which has the modem plugged as well. Works, but insecure as hell.
> >
> > Regards,
> >
> > Khyron
> >
> > ----- Original Message -----
> > From: <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, August 13, 2002 2:01 AM
> > Subject: RE: [hlds_linux] OT: Routing securely
> >
> > > IIRC Florian, he didn't want to have to re-compile his kernel. That must be what you missed.
> > >
> > > StanTheMan
> > > TheHardwareFreak
> > > http://www.hardwarefreak.com
> > > rcon admin at:
> > > Beer for Breakfast servers <http://bfb.bogleg.org/>
> > > 209.41.98.2:27016 (CS multi-map) 209.41.98.2:27015 (DoD)
> > > 209.41.98.2:27017 (CS militia/dust2) Dallas, TX
> > >
> > > > -----Original Message-----
> > > > From: Florian Zschocke [mailto:[EMAIL PROTECTED]]
> > > > Sent: Tuesday, August 13, 2002 2:23 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: [hlds_linux] OT: Routing securely
> > > >
> > > > Khyron wrote:
> > > > >
> > > > > Yah I could NAT with a 10.x or whatever, but avoiding NAT is the reason I paid extra for the statics. I've been looking at Arp Proxy, but any of those that I found on the net assumes you have a full subnet, as opposed to my situation (several statics that are not all in sequence). The only other thing I've found is a "bridge" but it's more of packet sniffer/blocker/shaper than a true firewall/gateway.
> > > >
> > > > Excuse me for asking a stupid question, but why was it that you can't simply have the Linux box act as a routing firewall for those 7 static IPs? I must have missed something.
> > > >
> > > > Florian.
> > > > _______________________________________________
> > > > To unsubscribe, edit your list preferences, or view the list archives, please visit:
> > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
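
The 1-to-1 mapping discussed in the thread, sketched for Linux iptables as an added example (not part of the thread and not any poster's configuration). It prints the commands rather than running them; the interface names, the UDP game port and every address (203.0.113.0/24 documentation range outside, 10.0.0.x inside) are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for 1-to-1 NAT.
# Interface names, port and all addresses are constructed assumptions.
WAN_IF="eth0"      # NIC facing the ISP
LAN_IF="eth1"      # NIC facing the game servers
GAME_PORT="27015"  # UDP port each server listens on; same port on every host
# public:private pairs (203.0.113.0/24 is a documentation range)
MAPPINGS="203.0.113.195:10.0.0.195
203.0.113.196:10.0.0.196
203.0.113.208:10.0.0.208"

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_nat_rules: print the rule set; fail on a malformed mapping
emit_nat_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"   # default deny between the NICs
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    for pair in $MAPPINGS; do
        pub=${pair%%:*}; priv=${pair#*:}
        if [ "$pub" = "$priv" ] || ! valid_ipv4 "$pub" || ! valid_ipv4 "$priv"; then
            echo "bad mapping: $pair" >&2; return 1
        fi
        # Bind the public address so the firewall answers ARP for it.
        echo "ip addr add $pub/32 dev $WAN_IF"
        # Inbound: public -> private; conntrack reverses this for replies.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
        # Outbound connections opened by the server keep its own public IP.
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
        # After DNAT the packet carries the private address; admit only the game port.
        echo "iptables -A FORWARD -i $WAN_IF -d $priv -p udp --dport $GAME_PORT -j ACCEPT"
    done
}

emit_nat_rules
```

Because each public address maps to its own private host, several servers can listen on the same port behind the firewall, and only that port is forwarded to them.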