

On 24 Nov 2000, John Schmerold wrote:

You will need to modify your kernel in order to make this work.  I've written
a patch that does this.

You can download it from http://www.com.org/~michael/masq-demasq.zip

Unzip the file in /usr/src as masq-demasq.patch and run
"patch -l -p0 <masq-demasq.patch" from there.  You will then have to rebuild
your kernel. Go to /usr/src/linux and run "make bzlilo".

This patch basically allows "de-masqed" packets to be "masq-ed" again. Thus it
checks the forward chain even when packets have been de-masqed. However, it
ignores "DENY" or "REJECT" targets. Thus your MASQ rule should be based only
on the source address and not on the destination interface or address.
 
> Applicable portions of our rc.firewall follow:
> 
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -i eth0 -j MASQ
> /usr/sbin/ipmasqadm portfw -a -P tcp -L 209.81.168.103 80 -R 192.168.35.34 80

You should change line 2 above to read
"/sbin/ipchains -A forward -s 192.168.35/24 -j MASQ"

-- Michael Best
