Hi Stan,
I am not much of an expert but I will try to help
out a bit:
>
> Here's the real problem.
>
> The HOW to give several lines, which I will
> render as given:
>
> # Forward email to your server
> ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0
> 1024:65535 -D 192.1.2.10 25
What this means is that any traffic on port 25 from anywhere
goes to 192.1.2.10. This would probably be a 192.168.x.x
number or 10.x.x.x if you prefer.
>
> # Forward email connections to outside email servers
> ipfwadm -F -a accept -b -P tcp -S 196.1.2.10 25 -D
> 0.0.0.0/0 1024:65535
This means that any port 25 traffic from
196.1.2.10 (192.168.x.x in your case) will leave via
the default route (or something to that effect).
>
> # Forward web connections to your Web Server
> ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0
> 1024:65535 -D 196.1.2.11 80
This means any incoming port 80 (web) traffic will be
directed to 196.1.2.11 (192.168.x.x in your case).
>
> # Forward web connections to outside Web Server
> ipfwadm -F -a accept -b -P tcp -S 196.1.2.* 80 -D
> 0.0.0.0/0 1024:65535
>
> #Forward DNS traffic
> ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D
> 196.1.2.0/24
I think you get the picture now... I hope... Anyway, if
not then feel free to let me know if I am being vague.
You would only need this done if your web/dns/mail
servers are not on the gateway box. If they
are...then these are completely unnecessary. There is
a much simpler way of just setting up masquerading.
And if you look at the ipchains HOWTO, at the very end there
are 3 lines that will do the same thing ipfwadm used to do.
I can also just send you what I have...Works great. I
also have dhcpd set up so that machines behind my hub
get an IP and do their thing. I have Mediaone as
well.
Here is the simple way of doing it:
(if you have one linux box as the gateway running
2.0.x kernels)
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
This assumes that you have set up your second NIC card
as 192.168.1.0/24.
If you decide to upgrade your kernel to 2.2.5 again
then use:
ipchains -P forward DENY
ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
This does the same thing.
Chuck
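
Added example, not part of the original e-mail or of the HOWTO it quotes: a simplified Python model of which packets three of the quoted forwarding rules accept. It assumes a default deny forward policy and that -b also matches the reverse direction; the function names are made up for the illustration.

```python
import ipaddress

# Rules copied from the quoted HOWTO lines (command name and -F/-a/-b dropped;
# every rule is treated as "accept, bidirectional").
RULES = [
    "-P tcp -S 0.0.0.0/0 1024:65535 -D 196.1.2.11 80",   # web server
    "-P tcp -S 196.1.2.10 25 -D 0.0.0.0/0 1024:65535",   # mail server
    "-P udp -S 0.0.0.0/0 53 -D 196.1.2.0/24",            # DNS replies
]

def parse(rule):
    """Return (proto, (src_net, src_ports), (dst_net, dst_ports))."""
    tok = rule.split()
    def side(flag):
        i = tok.index(flag)
        net = ipaddress.ip_network(tok[i + 1], strict=False)
        nxt = tok[i + 2] if i + 2 < len(tok) else "-"
        if nxt.startswith("-"):          # no port given: any port matches
            return net, (0, 65535)
        lo, _, hi = nxt.partition(":")
        return net, (int(lo), int(hi or lo))
    return tok[tok.index("-P") + 1], side("-S"), side("-D")

def hit(side, addr, port):
    """True if addr/port fall inside one side (network, port range) of a rule."""
    net, (lo, hi) = side
    return ipaddress.ip_address(addr) in net and lo <= port <= hi

def forwarded(proto, src, sport, dst, dport):
    """Model of the forward chain: accept on first match, otherwise deny."""
    for rule in RULES:
        p, s, d = parse(rule)
        if p != proto:
            continue
        if hit(s, src, sport) and hit(d, dst, dport):
            return True
        if hit(s, dst, dport) and hit(d, src, sport):   # -b: reverse direction
            return True
    return False
```

Running packets through the model shows that the DNS rule, which names a source port but no destination port, accepts UDP from source port 53 to every port on 196.1.2.0/24, while the TCP rules stay limited to ports 80 and 25 on their servers.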