Sorry, I'm using Dachstein

Joey


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Cass Tolken
Sent: Thursday, August 15, 2002 3:48 PM
To: [EMAIL PROTECTED]; LRP Support
Subject: Re: [leaf-user] allowing internal connections w/o IPSec

Hi Joey,

--- Joey Officer <[EMAIL PROTECTED]> wrote:
> In my situation, I have to allow someone in from an outside source.  I
> already have IPSec in place, but they are not using any sort of IPSec
> gateway/tunneling.  How do I allow incoming connections from an outside
> source (I'll know the IP) to an internal machine.  I assume this is using
> some sort of IP forwarding.

You didn't specify which flavor of LEAF you were using (Bering, Dachstein,
Oxygen, PacketFilter, WISP-Dist...)  If you're using Bering which uses
Shorewall, you can do something like this:

In /etc/shorewall/rules

  DNAT       net:$OUTSIDE_SRC_IP   loc:$INTERNAL_MACHINE   tcp   -
  DNAT       net:$OUTSIDE_SRC_IP   loc:$INTERNAL_MACHINE   udp   -

where OUTSIDE_SRC_IP and INTERNAL_MACHINE are defined in

/etc/shorewall/params

  OUTSIDE_SRC_IP=86.75.30.9       # Jenny's IP number ;)
  INTERNAL_MACHINE=192.168.1.1

The '-' at the end of the DNAT lines is for all ports; you can restrict
this to specific ports.

If you're using another flavor of LEAF, I can't help you... sorry.

> I'm in a little bit of a bind and would really appreciate a quick
> response!
>
> Thanks in advance.





-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
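
An added example, not part of the thread and not code from LEAF or Shorewall: a small audit of the DNAT rules quoted above that expands the $NAME values from the params file and reports any rule that forwards all ports or accepts a whole zone as its source. The function names are hypothetical, the second and third sample rules are constructed, and the column order (action, source, destination, protocol, destination port) is assumed to be the one used in the quoted lines.

```python
import re

# Constructed sample input mirroring the files quoted in the thread.
PARAMS = """\
OUTSIDE_SRC_IP=86.75.30.9       # Jenny's IP number ;)
INTERNAL_MACHINE=192.168.1.1
"""
RULES = """\
DNAT  net:$OUTSIDE_SRC_IP  loc:$INTERNAL_MACHINE  tcp  -
DNAT  net:$OUTSIDE_SRC_IP  loc:$INTERNAL_MACHINE  tcp  22
DNAT  net                  loc:$INTERNAL_MACHINE  tcp  80
"""

def parse_params(text):
    """Read NAME=value lines, dropping trailing '#' comments."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def audit_dnat(rules_text, params):
    """Return (line_no, rule, findings) for each DNAT rule that is too broad."""
    results = []
    for no, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.split("#", 1)[0]
        # Expand $NAME from params; unknown names are left unexpanded.
        line = re.sub(r"\$(\w+)", lambda m: params.get(m.group(1), m.group(0)), line)
        cols = line.split()
        if len(cols) < 3 or cols[0] != "DNAT":
            continue
        source = cols[1]
        # Assumption: a missing port column is treated like '-' (all ports).
        ports = cols[4] if len(cols) > 4 else "-"
        findings = []
        if ":" not in source:
            findings.append("source is a whole zone, not a specific host")
        if ports == "-":
            findings.append("all destination ports are forwarded")
        if findings:
            results.append((no, " ".join(cols), findings))
    return results

if __name__ == "__main__":
    for no, rule, findings in audit_dnat(RULES, parse_params(PARAMS)):
        print(f"rule line {no}: {rule}")
        for finding in findings:
            print(f"  - {finding}")
```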
