Hi Chad, I'm not sure I've completely understood your question, but I assume you want your firewall to do masquerading for some of the machines on your LAN, and not for others.
The line in your firewall script that specifies masqerading will be something like: ipchains -A forward -s 192.168.1.0/24 -j MASQ This tells your Linux kernel to masquerade all your IP addresses in the range 192.168.1.xxx. This is one of the IP address ranges that is reserved for local use, i.e. not visible to the world outside your LAN. If one of your tenants has a public IP address it will not be in this range and will therefore not be masqueraded. In other words, if you system is set up in a normal way, you need do nothing to your masquerading. You still need to add lines to your script to forward packets from outside to your tenant's IP address, of course. I hope this helps. Nick --- Chad Morgan <[EMAIL PROTECTED]> wrote: > I have a box with a 2.2.17 kernel doing ip masquerading. > I've figured out > how to foward individual ports of the external address to > individual ports > on an internal address but how can I forward all traffic > on all ports from > the external address to one of the internal addresses? > > I know this isn't very secure, but I'm not very concerend > about security > becuase it isn't our responsibility in this case. We > manage a small office > building of executive suites and provide high speed > internet for our > tenants on the DSL line. One of our tenants would like a > public address. In > this case it is his responsibility to secure his system. > Could there be a risk to some of the other tenants by a > cracker getting > access to their systems through the host that as all > traffic forwarded to > it? But, I guess if there was they don't really > understand the different > between private and public ip addresses and should > consider themselves > exposed anyway and security is again there responsibility > since we haven't > made any guarantees about their security. > > Anyway, if this is possible using impasqadm or if someone > has a better > idea, I'd appreciate some advice. > > Thanks > > Chad Morgan > > > -- > To UNSUBSCRIBE, email to > [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/
