Why go through all this trouble to reinvent the wheel?
Hop on freshmeat.net and get pmfirewall; it will take care of this for
you.

Regards,
Ron



-----Original Message-----
From: Eric Peters [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 3:25 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [expert] Another IPCHAINS question


I forgot to ask you. I need to also know what interface is to your internal
network and what interface is to the internet.

For example:

eth0=Internal net
eth1=Internet or link to the outside world.

Cheers,
-----------------------------------------------------------
Eric Peters     Mail:[EMAIL PROTECTED]
System Administrator Network Operations
Inherent Technologies Inc. 
office (503)224-6751 ext 224
-----------------------------------------------------------



-----Original Message-----
From: Eric Peters 
Sent: Monday, August 28, 2000 12:11 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [expert] Another IPCHAINS question


OK, what is your internal network addressing like? 192.168..., etc. And what
is your IP address? I will build you a custom ipchains script that will
forward and masq. I also need to know if you are a DSL or cable modem user.
@home has some stuff that I need to add.

Cheers,
-----------------------------------------------------------
Eric Peters     Mail:[EMAIL PROTECTED]
System Administrator Network Operations
Inherent Technologies Inc. 
office (503)224-6751 ext 224
-----------------------------------------------------------



-----Original Message-----
From: Bob Puff@NLE [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 11:47 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [expert] Another IPCHAINS question


> > Hello,
> > 
> 
> > I've read and re-read and re-read the IPCHAINS how-to, and I still can't
> > figure out how to accomplish port forwarding with mandrake 7.1.
> 
> Do a net search on "Trinity OS" and "David Ranch", and do what the man
> says.
> 

There's a lot of reading material on his site.  I was looking at the Trinity
OS firewall script, and he is still using ipfwadm for port forwarding.  I
did see some IPchains stuff for forwarding telnet ports, etc, so I'll do
some more digging.

I'm really wondering if there is an IPFWADM that I can still use with my
2.2.15-4mdk kernel.  I have one on my Mandrake 6.1 box, which I believe is
using 2.2.14.

================================

> > On a somewhat related topic, consider this scenario:
> >
> > I want a linux box to function sort of like a switch, passing through
> > internet traffic, but isolating each network device from another.
> >
> > Example:
> > eth0 = connection to a Masqing box (192.168.1.x network)
> > eth1 = office 1  (192.168.1.41-50)
> > eth2 = office 2  (192.168.1.51-60)
> > eth3 = office 3  (192.168.1.61-70)
> >
> > In this box, I want no masquerading to take place.. I want a machine
> > connected to eth1 with an IP of 192.168.1.42 routed right out eth0 as the
> > same IP.  Basically just like I had a dumb hub.  The reason for the need
> > for some intelligence here is that I don't want Win95 machines in office 1
> > seeing machines in office 2 using their netbios / whatever protocol.
> >
> > The reverse obviously has to work: if a packet comes into eth0 for
> > 192.168.1.65, it should go right out eth3 with that same IP.  This means
> > that eth0 will be responding to several IP numbers, not just its own.
> >
> > If it makes it any easier, I can change eth0's network numbers to be on
> > another network (like 10.0.0.x), but I still need the 1:1 mapping.
> >
> > How/where in IPCHAINS???
> 
> This may not be an IPCHAINS issue at all.
> 
> Try putting each of your divisions onto separate class C "experimental"
> networks: 192.168.1.0, 192.168.2.0, etc., with appropriate netmasks. If I
> recall correctly, NetBIOS does name searches with broadcasts, which do not
> cross network boundaries. Make sure that none of the W9x machines have any
> LMHOSTS entries that point to another network.
> 
> You haven't mentioned NT, so I gather you don't have a SMB domain
> server. If you are using SAMBA on the Linux box as a SMB domain name
> server, you may have to tune how it lets machines on one net see machines
> on another net. I don't know anything about using Samba for domain
> resolution, so you are on your own here.
> 
> 
> -- 
> 
>                 -- C^2

I'm confused.  I'm not running any samba, or any other kind of server.  All
I'm trying to do is allow (in this example) 3 separate office networks to be
"switched" into one ethernet cable, which will connect to another MASQ box
to the outside world.

1. I don't want office 1's computers to be able to see office 2's computers
at all, using anything.

2. I need each computer in each office to have its own unique ID on my MASQ
box so that I can track their usage.  I don't want to have to do the traffic
monitoring on this box that we are discussing.

3. I am running a DHCP server on this box.  Yes, I can hand out different
classes, but it needs to come into a single class C (yet with different IPs)
going to my masq box.

Clear as mud, right?

Bob
