Hello all,

Here is my situation. At my office we have a T1 line and 61 publicly routable IP addresses. Currently our T1 connects to a Cisco 2600 series router, which I have no control over, and that router just has a simple ethernet connection to our local LAN. Each workstation/server on that LAN has one of the routable "real" IP addresses I mentioned. Well, most of these workstations are just Win98/NT boxen, with no real security or protection. So I tasked myself with setting up a firewall.

No problem, we had a machine (Pentium 533, 128 MB RAM) with 2 ethernet cards that I thought would work great as a firewall. I installed VA Linux 6.2.1 (it's Red Hat) and began to "secure" it, removing unneeded services, etc. etc. Once I felt it was working as it should, I began to read the ipchains and MASQ HOWTOs... it was then that I came to the realization that I wasn't going to be able to do what I want: static NAT, or 1:1 NAT. MASQ seems only to be able to do one-to-many NAT. Well, I've got 61 IP addresses; there is no sense in using MASQ when I shouldn't have to...

So here is what I want to do, which I've done at other jobs using CheckPoint FW-1 (expensive!). I want to be able to create a new network, where all the machines use an RFC 1918 address (192.168.100.x), and the default route for that network is one interface on my firewall. The other interface sits on the "real" network, the internet-connected one, and its default route is the Cisco router, to get to the internet.

Is there ANY way to get this accomplished with a 2.2 kernel (2.2.17 specifically)? Has anyone done it? Can someone point me to a better example than just the iproute2 ones? (I've read them, and can't seem to make it work, and everyone else I ask just says "Use ipchains" and then stares open-mouthed when I say I want to use static NAT.)

If you can't do this with Linux 2.2, is there another solution? I'd rather not use BSD, as I'm just more familiar with Linux and SysV Unix in general... This would be easy with FW-1, but we just don't have the $$ for it (anyone ever used FW-1 for Linux?).

Thanks in advance!
-e

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://www.indyramp.com/masq-list/
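The static 1:1 mapping the post asks about can be expressed with the iproute2 stateless NAT routes and rules that 2.2 kernels support; the script below is an added example, not code from the original post or from the masq list. The interface name, the 203.0.113.0/24 public block and the mapping list are constructed placeholders, and it assumes the firewall's outside NIC shares the wire with the Cisco router.

```shell
#!/bin/sh
# Added example: iproute2 stateless 1:1 NAT on a Linux 2.2 firewall with two NICs.
# Every address and interface below is a constructed placeholder.
PUBLIC_IF=eth0          # outside interface, same ethernet segment as the Cisco router
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands; 0 = execute them (needs root)

# One "public private" pair per line: a routable address and the RFC 1918 host behind it
# (the private hosts sit on the other NIC, 192.168.100.0/24, with the firewall as gateway).
MAPPINGS="203.0.113.10 192.168.100.10
203.0.113.11 192.168.100.11"

# Emit the three commands that map one public address to one private host.
nat_cmds() {
    pub=$1; priv=$2
    # Answer ARP for the public address on the outside wire so the Cisco hands us the packet.
    printf 'ip neigh add proxy %s dev %s\n' "$pub" "$PUBLIC_IF"
    # Inbound: packets addressed to $pub get their destination rewritten to $priv before routing.
    printf 'ip route add nat %s via %s\n' "$pub" "$priv"
    # Outbound: packets sourced from $priv get their source rewritten to $pub.
    printf 'ip rule add from %s nat %s\n' "$priv" "$pub"
}

# Emit the whole plan: forwarding on, one block per mapping, then flush the route cache
# so the new routes and rules are consulted for every packet from now on.
nat_plan() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "$MAPPINGS" | while read pub priv; do
        if [ -n "$pub" ]; then nat_cmds "$pub" "$priv"; fi
    done
    echo "ip route flush cache"
}

# Number of commands the plan produces; a quick sanity check before applying it.
nat_plan_lines() { nat_plan | wc -l | tr -d ' '; }

# Print the plan (default) or apply it line by line when DRY_RUN=0.
nat_plan | while read cmd; do
    if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else eval "$cmd"; fi
done
```

The nat route and rule types need a kernel built with CONFIG_IP_ROUTE_NAT; run with DRY_RUN=1 first and read the emitted commands before applying them.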
