I just wanted to thank everyone that offered assistance. I upgraded to a 2.4 kernel and iptables and got it working with just one problem.
When I upgraded the kernel, I forgot that my old one had the NIC drivers built in and the kernel-image I installed with apt-get would require that modules be loaded on boot in order for the computer to boot with network access. Since I was doing it remotely I had to drive 2 hours (round-trip) just to add a line to /etc/modules but other than that there were no problems.

Thanks again

Chad

On 2002.01.08 10:38 Chad Morgan wrote:
> On 2002.01.06 00:34 [EMAIL PROTECTED] wrote:
> > Hi Chad,
> > I'm not sure I've completely understood your question,
> > but I assume you want your firewall to do
> > masquerading for some of the machines on your LAN,
> > and not for others.
> >
>
> I already have masquerading working fine. My current setup is like this
>
> Internet
>    |
> eth0 = 1.2.3.4
> eth0:1 = 1.2.3.5
> Gateway
> eth1 = 192.168.0.1
>    |
> Internal Network
> 192.168.0.21
> 192.168.0.22
> 192.168.0.23
> ...
>
> Also, a couple of ports on 1.2.3.4 are already being forwarded to
> 192.168.0.21 using ipmasqadm portfw
> like ipmasqadm portfw -P tcp -L 1.2.3.4 80 -R 192.168.0.21 80
>
> Now, what I would like to do is forward ALL traffic from 1.2.3.5 to
> 192.168.0.22 with something like
> ipmasqadm portfw -P tcp -L 1.2.3.5 * -R 192.168.0.22 * which doesn't work.
> I've looked into a few of the port forwarding tools in the IP Masquerading
> howto but they all seem to only allow forwarding of individual ports and
> not blanket forwarding of all ports.
>
> Also, it isn't practical to connect to a hub on the public network and have
> it use a 1.2.3.* address directly.
>
> Chad
>
> > The line in your firewall script that specifies
> > masquerading will be something like:
> > ipchains -A forward -s 192.168.1.0/24 -j MASQ
> >
> > This tells your Linux kernel to masquerade all
> > your IP addresses in the range 192.168.1.xxx.
> > This is one of the IP address ranges that is
> > reserved for local use, i.e. not visible to
> > the world outside your LAN.
> > If one of your tenants has a public IP address it will not
> > be in this range and will therefore not be
> > masqueraded.
> > In other words, if your system is set up in a
> > normal way, you need do nothing to your
> > masquerading. You still need to add lines
> > to your script to forward packets from outside
> > to your tenant's IP address, of course.
> >
> > I hope this helps.
> > Nick
> >
> > --- Chad Morgan <[EMAIL PROTECTED]> wrote:
> > > I have a box with a 2.2.17 kernel doing ip masquerading.
> > > I've figured out how to forward individual ports of the
> > > external address to individual ports on an internal address
> > > but how can I forward all traffic on all ports from
> > > the external address to one of the internal addresses?
> > >
> > > I know this isn't very secure, but I'm not very concerned
> > > about security because it isn't our responsibility in this case.
> > > We manage a small office building of executive suites and
> > > provide high speed internet for our tenants on the DSL line.
> > > One of our tenants would like a public address. In
> > > this case it is his responsibility to secure his system.
> > > Could there be a risk to some of the other tenants by a
> > > cracker getting access to their systems through the host
> > > that has all traffic forwarded to it? But, I guess if there
> > > was they don't really understand the difference
> > > between private and public ip addresses and should
> > > consider themselves exposed anyway and security is again
> > > their responsibility since we haven't
> > > made any guarantees about their security.
> > >
> > > Anyway, if this is possible using ipmasqadm or if someone
> > > has a better idea, I'd appreciate some advice.
> > >
> > > Thanks
> > >
> > > Chad Morgan
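
Chad reports that the move to a 2.4 kernel and iptables worked, but the thread does not include the rules. As an added example (not posted by anyone in the thread), this is one way to express the blanket forward of 1.2.3.5 to 192.168.0.22 as 1:1 NAT; the addresses and interfaces are the ones described in the thread, while the function names and the print-only design are assumptions of this example.

```shell
#!/bin/sh
# Added example: print iptables (2.4 kernel) rules that map one public address
# 1:1 onto one internal host. Addresses and interfaces come from the thread;
# the function names and print-only design are assumptions of this example.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # also rejects "*" wildcards
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots (digits only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# nat_rules PUBLIC_IP PRIVATE_IP EXT_IF INT_IF: print one command per line.
nat_rules() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    pub=$1 priv=$2 ext=$3 int=$4
    # Inbound: every port and protocol sent to the public IP goes to the host.
    echo "iptables -t nat -A PREROUTING -i $ext -d $pub -j DNAT --to-destination $priv"
    # Outbound: inserted at position 1 so it is matched before a general
    # MASQUERADE rule and the host's replies leave with the same public IP.
    echo "iptables -t nat -I POSTROUTING 1 -o $ext -s $priv -j SNAT --to-source $pub"
    # DNAT happens before filtering, so FORWARD sees the private address.
    echo "iptables -A FORWARD -i $ext -o $int -d $priv -j ACCEPT"
    echo "iptables -A FORWARD -i $int -o $ext -s $priv -j ACCEPT"
}

# Print the rules for the thread's setup; review, then run them as root.
nat_rules 1.2.3.5 192.168.0.22 eth0 eth1
```

Because 192.168.0.22 stays on the same 192.168.0.0/24 segment as the other tenants, traffic between them never crosses the gateway, so these rules cannot shield the other hosts if that machine is compromised.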

