> -----Original Message-----
> From: George Vieira [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 28, 2000 3:39 PM
> To: '[EMAIL PROTECTED]'
> Subject: [Masq] Ipforwarding
>
> Hey all,
>
> I have ipmasqadm working well with my setup at home and so on but I have
> one question.
>
> My linux firewall is on 200.xxx.xxx.200 and I have routes for
> 200.xxx.xxx.201 to go to this firewall. The linux box has a rule for the
> 201 address to be a port forward for port 80 to an internal machine using
> the below command:
>
> /usr/sbin/ipmasqadm portfw -a -P tcp -L 200.xxx.xxx.201 80 -R 10.0.0.10 80
>
> This is so the outside IP address for 200.xxx.xxx.201:80 goes to an
> internal machine's web server.
Looks good.
> Now what I would like to confirm is how does the firewall IP forward the
> internal web server's internal IP back out via the external address and not
> the external address of the firewall... e.g. go out as 200.xxx.xxx.201 and
> not as 200.xxx.xxx.200
>
> I have the feeling (haven't been able to check) that the internal machine
> is masqueraded as the firewall's IP and not the web server's external IP..
You nailed it, it's getting masq'd to the firewall's IP, and not the
"external IP of the webserver". In order to make that work you'll have to
add some special routing rules to make it send packets out the interface
that has the XXX.201 address, instead of the XXX.200 address. I find the
OpenBSD syntax (and handling) of this entire situation MUCH nicer and more
logical. :-)
Greg