You need to recompile the kernel for this, ok.
For IP masq you need to reconfig the kernel, ok.
stephen
----- Original Message -----
From: "Greg Stewart" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 17, 2000 8:34 AM
Subject: Re: [newbie] Linux/Networking/Firewall


> You need to alias the external interface to act as all 5 external "real" IP
> addresses and use ipmasqadm to port forward the incoming requests to the
> appropriate masqued internal IP address.
>
> The format for setting IP aliasing is (where the "xxx.xxx.xxx.xxx"s
> correspond to the IP addresses and subnet info from your ISP):
>
> /sbin/ifconfig eth0:0 xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx broadcast xxx.xxx.xxx.255
>
> Repeat for each aliased eth0 IP (eth0:1, eth0:2, eth0:3, etc.), and then
> create ipchains rules for firewalling each aliased IP.
>
> In the firewall script, make sure the gaming port is open for all aliased
> IPs.
>
> Install ipmasqadm and set port forwarding rules for each aliased IP to each
> corresponding masqued internal IP. I believe the syntax is as follows, but
> you should read the ipmasqadm HOW-TOs to be sure:
> (Assuming your internal network is on 192.168.x.x, and the Gaming Port is
> "XXXX")
>
> /sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx XXXX -R 192.168.xxx.xxx XXXX
>
> Let me know if this helps, or if I've screwed something up in the
> translation.  :-)
>
> --Greg
>
> ----- Original Message -----
> From: "Wignall, Mark T" <[EMAIL PROTECTED]>
>
>
> > Hoping for some help here:
> >
> > I previously had the following setup within my network at my residence.
> > 1 Linux box w/ 2 NIC cards.  1 connected to the DSL modem, and 1 to a HUB
> > where other computers throughout the house are connected.  I configured
> > NIC 1 for the IP address given to me by my DSL provider, and configured
> > the other NIC for the private network IP range 196.168.x.x.  Next I
> > configured IP Forwarding and Masquerading, and alas had everything set up
> > and working perfectly.
> >
> > Some online games won't allow duplicate IP addresses to be seen on the
> > game server, and as all computers within my private net were sharing the
> > 1 IP address provided by the DSL provider, only one computer at a time
> > could be gaming.  I've recently acquired a different DSL package, which
> > gives me 5 static IP addresses, so I should be able to configure my
> > network as I hoped.
> >
> > Obviously, I could have just put all computers, and the DSL modem on my
> > HUB and life would be good from a gaming perspective, however, I would
> > very much like to have a firewall installed that helps protect against
> > intruders.  Under this scenario, I'd have to install a firewall on each
> > PC to gain some protection...what a hassle.
> >
> > What I'd like to do is configure my Linux box like I had before, but
> > replace the Private network with additional IPs that I gained.  I tried
> > setting this up, but fell short after realizing that Linux acting as a
> > router can't route unless there are two different networks (IP sets) to
> > route between.  Since all my machines' IPs belong to the same network
> > (IP set), I can't "route" per se.
> >
> > What I came across were some HOWTOs on bridging+firewall.  Essentially
> > the bridge creates a virtual NIC that binds the two together, and I place
> > the firewall (IPchains) on this virtual NIC.  I configured it, set it up,
> > and appear to be accomplishing my goal.  The firewall stuff is working on
> > every machine, and of course gaming is now a reality.
> >
> > In summary, my question is this.  Is this the best/only approach I can
> > take in setting up my environment?  Is there a way to accomplish this by
> > setting up my own route tables?  The reason I ask is because when
> > everything is "idle" on my network, I see blips on the DSL modem about
> > every 3 seconds or so.  I've narrowed it down to the bridge stuff, as I
> > can bring the bridge down, and the blipping stops.  I don't know what is
> > happening, and I don't believe that the bridge is impacting performance
> > much, still I don't know, so I thought I'd pose the question to the
> > experts out there.
> >
> > Thanks in advance,
> > Mark Wignall
> > [EMAIL PROTECTED]
> >
>
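The alias, firewall and port-forward steps from Greg's reply, as an added example that is not part of the original thread: a dry-run sh script that validates each public-to-internal mapping and prints the three commands for review rather than running them. The addresses, netmask, port 27015 and the helper names are constructed for illustration; `portfw` is the ipmasqadm module that handles port forwarding, and the single ipchains rule assumes the game uses TCP only.

```shell
# Dry run: prints the commands for review instead of executing them.
# Addresses, netmask and port are constructed sample values.
EXT_IF=eth0
NETMASK=255.255.255.248
BROADCAST=203.0.113.15

# Succeeds only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds for a port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds for the 192.168.x.x inside range the reply assumes.
is_internal() {
    valid_ipv4 "$1" || return 1
    case "$1" in 192.168.*) return 0 ;; *) return 1 ;; esac
}

# emit_forward ALIAS_INDEX PUBLIC_IP INTERNAL_IP PORT
# Rejects a mapping whose public side is malformed or internal, whose
# inside address is not internal, or whose port is out of range.
emit_forward() {
    if ! valid_ipv4 "$2" || is_internal "$2" ||
       ! is_internal "$3" || ! valid_port "$4"; then
        echo "rejected mapping: $*" >&2
        return 1
    fi
    # 1. alias the external interface, 2. open the port, 3. forward it
    echo "/sbin/ifconfig $EXT_IF:$1 $2 netmask $NETMASK broadcast $BROADCAST"
    echo "/sbin/ipchains -A input -p tcp -d $2 $4 -j ACCEPT"
    echo "/sbin/ipmasqadm portfw -a -P tcp -L $2 $4 -R $3 $4"
}

# Constructed two-host mapping, one alias per public address.
emit_forward 0 203.0.113.10 192.168.1.10 27015
emit_forward 1 203.0.113.11 192.168.1.11 27015
```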

