Hi all
I apologize for this newbie question.
I've been reading the perfect little YoLinux's tutorial on the
http://www.iptables.org site, whose title is: "Set up an gateway for home
or office".
So far, I have only one question.
I presume my script should contain these few instructions:
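--- Beginning of the script
# Rewrite the source address of traffic leaving eth0 to the gateway's address
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Accept forwarded traffic arriving from the LAN on eth1
iptables -A FORWARD -i eth1 -j ACCEPT
# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
# Route for the internal network
route add -net 192.168.1.0 netmask 255.255.255.0 \
gw ${IPADDR} dev eth1
--- End of the script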
This is all I need to set up access from any address within the range
192.168.1.1 - 192.168.1.255 (internal computers connected to the switch),
through the eth1 internal interface and the eth0 external interface,
whose address is ${IPADDR}.
My question is:
What happens, after an existing TCP connection has been established from
the LAN to an outside server, when a need arises for a new connection from
the outside, by the same server, to a specified port (for example auth 113)
on this same internal address?
The problem is: I have only one external address, ${IPADDR}, so what
makes the incoming packet get directed to the right address inside the
LAN? That is, the internal address from which the initial TCP connection
came?
It might be that this kind of connection request happens several times
simultaneously, for different internal addresses.
This kind of authentication request occurs within many protocols.
Does this way of masquerading the LAN connections work in this case?
Many thanks for your response.
Jean Francois Ortolo
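
The scenario in the question above, as an added example that is not part of the original post: a simplified Python model of how connection tracking behind MASQUERADE treats reply packets versus a new inbound connection to port 113. The class, the addresses and the port-selection loop are constructed for illustration; the kernel's real port allocation is more involved.

```python
# Simplified model of connection tracking behind MASQUERADE (not kernel code).
# All addresses and ports are constructed sample values.
GATEWAY_IP = "203.0.113.10"   # stands in for ${IPADDR} on eth0


class Masquerader:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        # (proto, public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.table = {}
        # Static port forwards (DNAT): (proto, public_port) -> (lan_ip, lan_port)
        self.dnat = {}

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: rewrite the source, record the mapping."""
        public_port = lan_port
        # If two LAN hosts collide on the same tuple, pick another source port.
        while (proto, public_port, remote_ip, remote_port) in self.table:
            public_port += 1
        self.table[(proto, public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (self.public_ip, public_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """A packet arrives on the public address: decide where it goes."""
        key = (proto, public_port, remote_ip, remote_port)
        if key in self.table:                  # reply on a tracked connection
            return ("FORWARD",) + self.table[key]
        if (proto, public_port) in self.dnat:  # explicit port forward
            return ("FORWARD",) + self.dnat[(proto, public_port)]
        # New connection with no mapping: it is addressed to the gateway itself.
        return ("LOCAL", self.public_ip, public_port)


def demo():
    nat = Masquerader(GATEWAY_IP)
    server = "198.51.100.7"
    a = nat.outbound("tcp", "192.168.1.20", 40000, server, 25)
    b = nat.outbound("tcp", "192.168.1.30", 40000, server, 25)
    return {
        "a_src": a,
        "b_src": b,
        "reply_a": nat.inbound("tcp", server, 25, a[1]),
        "reply_b": nat.inbound("tcp", server, 25, b[1]),
        # The server opens a NEW connection back to port 113 (ident).
        "ident": nat.inbound("tcp", server, 51000, 113),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Replies are steered by the recorded tuple, so simultaneous connections from several internal hosts stay separate; the new connection to port 113 matches no entry and lands on the gateway unless a static forward exists, and such a forward can only point at one internal host.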