David Ranch wrote:
> Well, the crux of the issue is that if your MASQ Linux box is also running
> services such as DNS, Sendmail, DHCP, Samba, NFS, etc.. you will
> see weird problems. The issue is that all of the high return ports that should
> be available for eth0 to respond to for low port requests will now be
> redirected to 192.168.1.4 (in this example). Also, the redirection of ports
> 1024-65535 is known to wreak havoc on the Linux IP stack.
I know, it's weird. And while my Masq box is also running other services, such
as DNS, Sendmail and WWW, everything seems happy (please put A LOT of emphasis on
'seems' - only because over the past year I've never noticed anything go wrong at
all).
Keep in mind folks, this is all running ipMASQ, NOT ipchains. Once I switch to
ipchains there's a really good chance this setup may never work again.
For grins and giggles, I just went over my whole setup again, with the portfw
settings and all, and frankly, I don't know WHY it's working either. I will say
this, ALL services on any of the aliased IPs WILL end up on the main IP (the masq)
box, with the exception of pcAnywhere because those ports I have forwarded to
internal hosts.
In other words (or maybe a more graphical representation):
eth0 111.222.333.444 -> 192.168.1.4
eth0:0 111.222.333.555 -> 192.168.1.5
eth0:1 111.222.333.666 -> 192.168.1.6
eth0:2 111.222.333.777 -> 192.168.1.7
If I connect to 111.222.333.777:25 (eth0:2), I really end up on
111.222.333.444:25 (eth0). And the same goes for all other ports, with the
*exception* of pcAnywhere ports, which get redirected to the internal hosts via
-ipportfw-. Anything other than pcAnywhere ports will just end up on the masq box.
Now, is this the right way to do it? Is this the smart way to do it? Is this
even possible? Heck if I know. When asking how come it works, I can't answer
you. Maybe I managed to eradicate all the little kermits from my servers, I really
can't tell. What I CAN tell though is that it has never caused me any trouble.
All stacks run, nothing has crashed and the system is happy.
AMK4
--
W |
| I haven't lost my mind; it's backed up on tape somewhere.
|____________________________________________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ashley M. Kirchner <mailto:[EMAIL PROTECTED]> . 303.442.6410 x130
SysAdmin / Websmith . 800.441.3873 x130
Photo Craft Laboratories, Inc. . eFax 248.671.0909
http://www.pcraft.com . 3550 Arapahoe Ave #6
.................. . . . . Boulder, CO 80303, USA
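As an added illustration (not code from the thread or from either poster), the following small model of the forwarding layout described above shows why forwarding the whole 1024-65535 range to an internal host breaks the masq box's own services, while forwarding only specific application ports (as Ashley's setup does) leaves them intact. The pcAnywhere port numbers (5631/tcp, 5632/udp), the internal host 192.168.1.4 from David's warning, and the reply port 33000 are assumed or constructed.

```python
"""Model of ipportfw-style dispatch on a masq box with aliased external IPs.
Added example; port numbers and the sample reply port are constructed."""

MASQ_BOX = "local"            # services bound on the masq box itself
EPHEMERAL = range(1024, 65536)  # high ports the box's own clients reply on

# External addresses from the post; all of them belong to the masq box.
ALIASES = {"111.222.333.444", "111.222.333.555",
           "111.222.333.666", "111.222.333.777"}

# ipportfw-style table: (ext_ip, proto, port) -> internal host.
# Narrow set: only the pcAnywhere ports (assumed 5631/tcp, 5632/udp).
NARROW = {}
for ext, host in (("111.222.333.555", "192.168.1.5"),
                  ("111.222.333.666", "192.168.1.6"),
                  ("111.222.333.777", "192.168.1.7")):
    NARROW[(ext, "tcp", 5631)] = host
    NARROW[(ext, "udp", 5632)] = host

# Broad set: the whole high range on eth0 sent to 192.168.1.4, the
# configuration the quoted warning describes.
BROAD = dict(NARROW)
for p in EPHEMERAL:
    BROAD[("111.222.333.444", "tcp", p)] = "192.168.1.4"
    BROAD[("111.222.333.444", "udp", p)] = "192.168.1.4"


def deliver(table, dst_ip, proto, dst_port):
    """Return where a packet for dst_ip:dst_port ends up: a portfw entry
    wins; anything else addressed to an alias lands on the masq box;
    traffic for an address the box does not own is not delivered here."""
    target = table.get((dst_ip, proto, dst_port))
    if target is not None:
        return target
    if dst_ip in ALIASES:
        return MASQ_BOX
    return None


def dns_reply_lands_locally(table, reply_port=33000):
    """The masq box's resolver sent a query from an ephemeral port on eth0;
    the answer must come back to the box itself, not to an internal host."""
    return deliver(table, "111.222.333.444", "udp", reply_port) == MASQ_BOX
```

With NARROW, a connection to 111.222.333.777:25 lands on the masq box and the resolver's reply stays local; with BROAD, the same reply is redirected to 192.168.1.4, which is the breakage the warning describes.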
_______________________________________________
Masq maillist - [EMAIL PROTECTED]