Sean A. Walberg wrote:
> Browsing through the archives and FAQs, I'm having a bit of trouble
> figuring out which way I should do this:
>
> Internet------[FW]---172.16.0.0/24
>                  \-192.168.1.0/24
> The firewall is a 3 legged device. Outside, it has eth0 as
> 111.111.111.111 and eth0:0 as 111.111.111.112
>
> What I want is the internal users (172.16.0.0/24) to be able to use
> masquerading. This isn't a problem. I want to put a web server in the
> perimeter (192.168.1.0/24) network and port forward from 111.111.111.112
> into the appropriate box.
>
> I would think that if I used port forwarding on .112, the packet would get
> in to the web server, but masquerading would send the reply out .111. So
> then I'd have to use iproute2. The archives seem to point towards mfw as
> an alternative, but documentation seems thin. A userland program could
> probably do it, but that's not too efficient.
>
> Any prods in the right direction?
Have a look at http://fwup.org/ and look for "alias port forwarding".
It can do it for you, or at least give you an example to work from.
It uses portfw to forward the incoming packets, ipchains to fwmark
the outgoing packets, and iproute2 to NAT the fwmarked packets.
raf