Grischa Schuering wrote:
> I was posting quite a lot of articles about this matter in newsgroups, now
> I know why the things I am trying might not be working. Can you give me the
> last hint?
>
> I set up a private network 192.168.100.0/24 on a linux box by masquerading
> (SuSe 6.2) on eth1. eth0 is connected to a registered network which is
> connected to the internet by a cisco router. I also use a portmaster router
> to dial in from home (on the registered network).
> Now I want to reach the computers behind the linux box from the portmaster,
> which has a static route to the private ips.
> When masquerading is turned on, it is not working, when I turn it off, it
> does. I believe it behaves this way, because all outgoing ips are
> masqueraded with the eth0 ip of the linux box.
>
> The start/stop script looks like this:
>
> START
>
> ipchains -N user_msq
> ipchains -A user_msq -s 0/0 -d 0/0 -j MASQ
> ipchains -A forward -s 192.168.100.0/24 -d 0/0 -i eth0 -j user_msq
>
> STOP
>
> ipchains -D forward -s 192.168.100.0/24 -d 0/0 -i eth0 -j user_msq
> ipchains -F user_msq
> ipchains -X user_msq
>
> What does the command have to look like that prevents masquerading a specific
> destination ip range?

ipchains -F forward
ipchains -A forward -s 192.168.100.0/24 -i eth0 -d x.x.x.x/x -j ACCEPT
ipchains -A forward -s 192.168.100.0/24 -i eth0 -j MASQ
ipchains -A forward -j DENY -l

where x.x.x.x/x is the registered network.

--
Glynn Clements <[EMAIL PROTECTED]>
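
The rule order in the reply above matters because ipchains stops at the first matching rule. The following is an added example, not part of the original thread: a small Python model of the forward chain that shows which source address a destination sees. The 198.51.100.0/24 network, the gateway address and the host addresses are constructed stand-ins for x.x.x.x/x and the real machines, and the poster's user_msq chain is simplified to a single MASQ rule.

```python
import ipaddress

PRIVATE = "192.168.100.0/24"
REGISTERED = "198.51.100.0/24"   # constructed stand-in for x.x.x.x/x
GATEWAY_ETH0 = "198.51.100.1"    # constructed eth0 address of the Linux box
ANY = "0.0.0.0/0"

# Rules as (source, destination, interface or None, target), in chain order.
# In the forward chain, ipchains' -i matches the outgoing interface.
ORIGINAL = [(PRIVATE, ANY, "eth0", "MASQ")]           # the poster's user_msq setup
REPLY = [
    (PRIVATE, REGISTERED, "eth0", "ACCEPT"),
    (PRIVATE, ANY, "eth0", "MASQ"),
    (ANY, ANY, None, "DENY"),
]
SWAPPED = [REPLY[1], REPLY[0], REPLY[2]]              # MASQ listed before ACCEPT

def verdict(chain, src, dst, out_if):
    """Return the target of the first matching rule (first match wins)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, rule_if, target in chain:
        if (s in ipaddress.ip_network(rule_src)
                and d in ipaddress.ip_network(rule_dst)
                and rule_if in (None, out_if)):
            return target
    return "POLICY"  # no rule matched: the chain's default policy decides

def source_seen(chain, src, dst, out_if):
    """Source address the destination sees, or None if no rule passes the packet."""
    target = verdict(chain, src, dst, out_if)
    return {"ACCEPT": src, "MASQ": GATEWAY_ETH0}.get(target)

if __name__ == "__main__":
    # Constructed sample hosts: private host, dial-in client, Internet host.
    host, dialin, internet = "192.168.100.10", "198.51.100.50", "203.0.113.9"
    for name, chain in (("original", ORIGINAL), ("reply", REPLY), ("swapped", SWAPPED)):
        print(name, source_seen(chain, host, dialin, "eth0"),
              source_seen(chain, host, internet, "eth0"))
```

In this model a packet from the registered network toward a private host, leaving on eth1, matches only the final DENY rule of the reply's chain, so the inbound direction needs its own ACCEPT rule ahead of it.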