I wouldn't bother...if your firewall supports port forwarding, just use the private ip
addresses and have the firewall forward requests. That is, unless you need to run
multiple instances of the same service on the inside. IE 2 web servers, 2 ftp, etc.
Check out this link
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO-6.html#ss6.8
Be sure to check us out at http://infosec.20m.com
_________________________________________________
On Fri, 02 June 2000, "Mike Alexander Sauvain" wrote:
>
> hello volks;), my questions: how i can use real ips ? to say,
> 1. i'm sure that my isp routes to me
> 2. ip masquerading works fine like my follow image
>
> cable
> |
> ------ eth0, real isp ip
> firewall
> ------- eth1,192.168.0.1
> |
> |
> |
> some masquerades surfstations, works fine
> realip, some real ip servers ??
>
> now, my quest's:
> 1. what i should configure out to use real ips behind my fire ?
> 2a. should i masquerade the real ip net to ?
>
> my firewall setup (suse 6.4):
> FW_LOG_ACCEPT_CRIT="yes"
> FW_LOG_DENY_ALL="yes"
> FW_DEV_WORLD="eth0"
> FW_DEV_INT="eth1"
> FW_ROUTE="yes"
> FW_MASQUERADE="yes"
> FW_MASQ_NETS="62.0.70.0/24 192.168.0.0/24" #? should i masquerade the
> real ip net to ??
> FW_MASQ_MODULES="autofw cuseeme ftp mfw portfw vdolive"
> FW_SERVICE_DHCPD="no"
> FW_SERVICES_EXTERNAL_TCP="22"
> FW_SERVICES_INTERNAL_TCP="22 10000"
> FW_SERVICES_INTERNAL_UDP=""
> FW_SERVICES_TRUSTED_NETS="62.0.70.0/24 192.168.0.0/24" # ?right like
> this ?
> FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
> FW_ALLOW_PING_FW="yes"
> FW_SERVICE_DNS="no"
>
> thanks 4all...... mike
>
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-------------------------------------------------
Join a North Sky Community Today!
http://communities.northsky.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
