On Mon Oct 25 1999 at 21:19, "Lang Zhi" wrote:
> I want to set up a mail server and webserver that sit behind an ip-masq
> firewall. How to use ipchains to do this?
> Let's say the mail server is 192.168.1.2 and the firewall eth1 192.168.1.254
> and eth0 202.184.80.1
>
> How about the ipfwadm rules for this?
Doesn't matter about the actual IP addresses on the private subnet,
they'll all get masqueraded as the public 202.184.80.1 address on the
firewall.
So, off the top of my head... (except for the module names:)
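# masquerading helper modules (2.2 kernels)
modules="ip_masq_autofw ip_masq_portfw ip_masq_ftp \
ip_masq_irc ip_masq_quake ip_masq_raudio ip_masq_user \
ip_masq_vdolive ip_masq_cuseeme ip_masq_mfw"
for mod in $modules ; do modprobe -a "$mod" ; done
# let the kernel route packets between eth0 and eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
# flush existing rules, then deny forwarding by default
ipchains -F
ipchains -P forward DENY
# masquerade everything leaving the private subnet
ipchains -A forward -s 192.168.1.0/24 -d 0/0 -j MASQ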
Something like that.
Internal routing needs to have default route pointing at the firewall,
and the firewall needs to have the default route pointed to its peer
on the internet side.
Cheers
Tony
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
Tony Nugent <[EMAIL PROTECTED]> Systems Administrator
GrowZone OnLine (a project of) GrowZone Development Network
POBox 475 Toowoomba Queensland Australia 4350 Ph: 07 4632 8344
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
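
The question asks for a mail server and a web server that stay reachable behind the masquerading firewall. The following added example (not part of Tony's reply or of the original thread) prints the 2.2-kernel commands that combine the masquerade rule above with inbound port forwarding through ipmasqadm portfw. The addresses are those given in the question; TCP ports 25 and 80, the -i eth0 match and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) ipchains/ipmasqadm commands.
# Addresses are from the question; ports 25 and 80 are assumed.
EXT_IP=202.184.80.1      # firewall eth0 (public side)
LAN_NET=192.168.1.0/24   # private subnet behind eth1
SERVER=192.168.1.2       # internal mail/web host

# valid_port N: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules PORT...: emit the rule set, one command per line.
# All ports are validated first, so a bad argument emits nothing.
gen_rules() {
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "modprobe ip_masq_portfw"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "ipchains -F forward"
    echo "ipchains -P forward DENY"
    # assumption: eth0 is the outgoing (public) interface
    echo "ipchains -A forward -i eth0 -s $LAN_NET -d 0/0 -j MASQ"
    # clear old port forwards, then expose only the listed TCP ports
    echo "ipmasqadm portfw -f"
    for p in "$@"; do
        echo "ipmasqadm portfw -a -P tcp -L $EXT_IP $p -R $SERVER $p"
    done
}

gen_rules 25 80
```

Review the printed commands before running them as root on the firewall; only the ports passed to gen_rules become reachable from the public side.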