Ha...I'm still chuckling. That actually sounds doable. I tried a combo of
redir and portfw and got as far as the connection to the server looking like
it was coming from the internal interface of the linux box...needed that one
more step back.

I posted a few weeks ago regarding running a Starcraft server, FSGS. I
figured out on my own that when I connect to the server, basically a chat
client, it obviously sees the connection from 192.168.1.2. When one
initiates a game, the traffic changes and it becomes the 'server'. FSGS
tells all the clients looking to join the created game to go to that IP. I
can join games sportingly because the other clients are 'outside' and the
traffic from my winbox gets masqed appropriately. But I'm the lucky guy in
the group with a cable modem and wish to host the games. When I start a
game, FSGS tells all the clients to go to 192.168.1.2. You know what happens
from there. It's not a matter of rewriting the header of those packets.

Seemed to me that where FSGS needed only tcp6112 to be forwarded, I could
forward all udp6112 to the winbox. If FSGS sent the IP of the linuxbox
external nic to the outside clients, it should work.

That's my curious project. I will give your solution a try one evening this
week and report the outcome shortly after. Thanks for the advice.

Regards,
Jeff
-----Original Message-----
From: Liam Helmer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; Masq
<[EMAIL PROTECTED]>
Date: Tuesday, March 30, 1999 6:45 PM
Subject: RE: [Masq] Internal masquerading
>>I apologize for not being very explicit about what I'm trying to
>>accomplish...it's pretty long-winded. Suffice it to say, I am looking for
>>EXACTLY what I asked for. I am using ipchains, kernel 2.2.4, ipmasqadm &
>>portfw. I am running a server on the LAN(masqed) and clients connect from
>>the inside and outside. I want the connection from the inside client to
>>appear as coming from the outside...specifically the external interface on
>>the firewall.
>
>No problem. First off, the clients would have to be on a different subnet
>from the server, otherwise they'd attempt to connect directly to the
>server, and would completely ignore the linux box and what it was trying
>to do. So
>
>Here's a possibility that *might* work, although it'd be complicated, and
>a little slow, but it'll do the trick. It relies on you having 2 ip
>addresses and subnets on the server computer, which, presumably, you can
>do.
>
>Let's assume the following:
>You've got an IP address of 192.168.0.1 for the linux box, and a subnet
>for the clients of 192.168.0.x
>You've got the server computer on 192.168.1.10.
>You've got an IP on the linux box as 192.168.1.1 as the router for the
>server.
>You've got a "real IP" for the linux box of 50.50.50.50
>
>Here's what you'd do:
>Set a static route of 50.50.50.50 netmask 255.255.255.254 on the linux
>box's interface with the server box.
>Set an IP address of 50.50.50.51 netmask 255.255.255.254 on the server's
>interface with the linux box
>Set an IP address of 192.168.0.10 on the linux box's interface with the
>clients, as the "emulated" IP for your server.
>
>Port Forward any ports that you need from 192.168.0.10 to the server with
>IP MasqADM.
>For any services that you want to have your server see as coming from the
>external interface of the linux box, use redir to redirect the connection
>from 192.168.0.10 to 50.50.50.50, and then use a second redir to redirect
>the connection from 50.50.50.50 to 50.50.50.51, and then you're done...
>
>So, now you're going to tell me why you'd want to do such a dastardly
>thing, right? =)
>
>Cheers,
>Liam
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
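
The thread turns on which source address the server sees once a userspace redirector sits in the path. The following is an added example, not part of the original messages and not redir's own code: a minimal Python relay that shows the server sees whatever address the relay's outgoing socket is bound to, never the client's. The 127.0.0.x addresses are constructed stand-ins and assume Linux, where all of 127.0.0.0/8 is local.

```python
import socket
import threading

# Constructed loopback stand-ins (assumption: Linux, all of 127.0.0.0/8 is local)
CLIENT = "127.0.0.2"      # inside client
RELAY_IN = "127.0.0.10"   # "emulated" server address the client connects to
RELAY_OUT = "127.0.0.50"  # source the relay binds to, standing in for the external IP
SERVER = "127.0.0.51"     # the game server


def seen_by_server(relay_source=RELAY_OUT):
    """Return (peer IP the server logged, reply the client received)."""
    srv = socket.create_server((SERVER, 0))
    relay = socket.create_server((RELAY_IN, 0))
    srv.settimeout(5)  # do not hang forever if the relay cannot bind its source
    seen = []

    def serve():
        conn, peer = srv.accept()
        seen.append(peer[0])  # what a server would use for logging or ACLs
        conn.sendall(b"ok")
        conn.close()

    def relay_once():
        inbound, _ = relay.accept()
        # A userspace redirector opens a NEW connection; the server sees the
        # address this socket is bound to, and the client's address is lost.
        outbound = socket.create_connection(
            srv.getsockname(), source_address=(relay_source, 0))
        inbound.sendall(outbound.recv(16))
        outbound.close()
        inbound.close()

    threads = [threading.Thread(target=serve, daemon=True),
               threading.Thread(target=relay_once, daemon=True)]
    for t in threads:
        t.start()
    client = socket.create_connection(relay.getsockname(),
                                      source_address=(CLIENT, 0))
    reply = client.recv(16)
    client.close()
    for t in threads:
        t.join()
    srv.close()
    relay.close()
    return seen[0], reply


if __name__ == "__main__":
    print(seen_by_server())             # relay bound to the "external" address
    print(seen_by_server(RELAY_IN))     # relay bound to the inside address
```

Because the relay terminates and re-originates the connection, any address-based logging or access control on the server reflects the relay's bound address rather than the real client.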