That, in essence, is what IP addressing is about: you don't need the MAC
address of *every* destination in your routing table.
----- Original Message -----
From: Rodney Dunham <[EMAIL PROTECTED]>
To: 'Gary Maltzen' <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, July 10, 2000 9:22 AM
Subject: RE: RH linux 6.1, IPCHAINS woes
> Yes, although there is no specific ARP entry in their router for this other
> IP to be sent to the firewall. The firewall will have to do that.
>
> -----Original Message-----
> From: Gary Maltzen [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 07, 2000 8:48 PM
> To: Rodney Dunham
> Cc: [EMAIL PROTECTED]
> Subject: Re: RH linux 6.1, IPCHAINS woes
>
>
> Wander over to http://www.indyramp.com/masq and check the MASQ archives for
> more complete information.
>
> Assuming you have a 2.2 kernel compiled with IPPORTFW enabled, you also need
> 'ipmasqadm' to establish routing for an external public IP through to your
> internal private IP.
>
> The assumption here is that your upstream provider is already routing
> packets for that public address to you.
>
> At 03:10 PM 7/5/2000 , Rodney Dunham said...
> >I'm trying (unsuccessfully, I might add) to do a particular thing with
> >IPCHAINS that I've seen done with commercial software, and I've run out of
> >ideas. I need someone really good at IPCHAINS to get me headed in the right
> >direction.
> >
> >I want my firewall to take packets for another IP besides its own, pass them
> >through, translating them in the process so it appears a particular machine
> >on the inside is actually on the outside. The internal machine won't know
> >it is also addressable by the public address, and people outside won't know
> >its real address is in a private network. The firewall needs to do all the
> >work. All ports need to be so translated for this other IP. The firewall
> >does standard NAT through its usual IP. Outside machines need to be able to
> >initiate connections with this special internal machine, not just respond
> >when it initiates them.
> >
> >Never mind the security aspect, at least at this stage, it's the translation
> >and forwarding that I can't get to work. I can lock it down to specific
> >services once the barebones connection works right.
> >
> >The commercial FW-1 at work does this, but that's a different OS with a
> >different firewall setup and a commercial GUI. I can't duplicate what it's
> >doing since it's such a different setup, or rather I'm not sure I understand
> >what it's really doing.
> >
> >Inside:        Firewall:                    Outside:
> >192.168.1.x    < converts transparently >   public.ip.address.113
> >
> >               192.168.1.114, public.ip.address.114
> >
> >other hosts    < standard NAT >             public.ip.address.114 as per standard NAT
>