> > Hello,
> > 
> 
> > I've read and re-read and re-read the IPCHAINS how-to, and I still can't
> > figure out how to accomplish port forwarding with Mandrake 7.1.
> 
> Do a net search on "Trinity OS" and "David Ranch", and do what the man
> says.
> 

There's a lot of reading material on his site.  I was looking at the Trinity OS 
firewall script, and he is still using ipfwadm for port forwarding.  I did see some 
IPchains stuff for forwarding telnet ports, etc., so I'll do some more digging.

I'm really wondering if there is an IPFWADM that I can still use with my 2.2.15-4mdk 
kernel.  I have one on my Mandrake 6.1 box, which I believe is using 2.2.14.

================================

> > On a somewhat related topic, consider this scenario:
> >
> > I want a linux box to function sort of like a switch, passing through
> > internet traffic, but isolating each network device from another.
> >
> > Example:
> > eth0 = connection to a Masqing box (192.168.1.x network)
> > eth1 = office 1  (192.168.1.41-50)
> > eth2 = office 2  (192.168.1.51-60)
> > eth3 = office 3  (192.168.1.61-70)
> >
> > In this box, I want no masquerading to take place.. I want a machine
> > connected to eth1 with an IP of 192.168.1.42 routed right out eth0 as the
> > same IP.  Basically just like I had a dumb hub.  The reason for the need
> > for some intelligence here is that I don't want Win95 machines in office 1
> > seeing machines in office 2 using their netbios / whatever protocol.
> >
> > The reverse obviously has to work: if a packet comes into eth0 for
> > 192.168.1.65, it should go right out eth3 with that same IP.  This means
> > that eth0 will be responding to several IP numbers, not just its own.
> >
> > If it makes it any easier, I can change eth0's network numbers to be on
> > another network (like 10.0.0.x), but I still need the 1:1 mapping.
> >
> > How/where in IPCHAINS???
> 
> This may not be an IPCHAINS issue at all.
> 
> Try putting each of your divisions onto separate class C "experimental"
> networks: 192.168.1.0, 192.168.2.0, etc., with appropriate netmasks. If I
> recall correctly, NetBIOS does name searches with broadcasts, which do not
> cross network boundaries. Make sure that none of the W9x machines have any
> LMHOSTS entries that point to another network.
> 
> You haven't mentioned NT, so I gather you don't have a SMB domain
> server. If you are using SAMBA on the Linux box as a SMB domain name
> server, you may have to tune how it lets machines on one net see machines
> on another net. I don't know anything about using Samba for domain
> resolution, so you are on your own here.
> 
> 
> -- 
> 
>                 -- C^2

I'm confused.  I'm not running any samba, or any other kind of server.  All I'm trying 
to do is allow (in this example) 3 separate office networks to be "switched" into one 
ethernet cable, which will connect to another MASQ box to the outside world.

1. I don't want office 1's computers to be able to see office 2's computers at all, 
using anything.

2. I need each computer in each office to have its own unique ID on my MASQ box so 
that I can track their usage.  I don't want to have to do the traffic monitoring on 
this box that we are discussing.

3. I am running a DHCP server on this box.  Yes, I can hand out different classes, but 
it needs to come into a single class C (yet with different IPs) going to my masq box.

Clear as mud, right?

Bob
