Jake Repp wrote:
> There is a quote in the masq-HOWTO about using redirect before masquerade to
> enable hosts on the localnet to access masqueraded machines on the same
> localnetwork but it was not very detailed or well worded. I am having
> problems trying to emulate the described configuration.
>
> Here is the setup:
>
> (MASQing, portforwarding linux box)
> localnet 192.168.1.0/24
> externalip 1.2.3.4
> internalip 192.168.1.1
>
> (internal MS SMTP connector)
> ip: 192.168.1.100
> port forwarded from 1.2.3.4 (fw) as port 25
>
> nameserver on dmz 1.2.3.5 with registered mail exchanger as 1.2.3.4:25 (fw)
>
> Here's the problem:
>
> internal machine 192.168.1.7 wants to send mail using a local MTA.
> MTA looks up mail exchanger for our domain
> MTA attempts to connect to 1.2.3.4 port 25
> Connection masq'd and SYN sent to 192.168.1.100:25 from 192.168.1.7:1056 on
> internal interface of firewall
>
> 192.168.1.100 sends SYN, ACK to 192.168.1.7:1056
>
> 192.168.1.7 sends RST back to 192.168.1.100...OOPS
>
> What is the order and configuration of REDIRECT and ipmasqadm portfw that I
> need to configure in order for these connections to be correctly
> redirected/masq'd on the firewall machine given the sample setup?
>
> Thanks in advance for any help,
> Jake Repp
Michael Best wrote a kernel patch to make this work without redirect.
It's at http://www.com.org/~michael/masq-demasq.zip
raf
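
The failure described in the question, modelled as an added example that is not part of the original thread and is not the code of the patch mentioned above. It uses the poster's addresses and compares forwarding the destination only with also rewriting the source to the firewall's internal address; the `Firewall` class, `connect` function and the port 61000 are constructed for illustration.

```python
# Constructed model of the connection attempt in the question (poster's addresses).
FW_EXT, FW_INT = "1.2.3.4", "192.168.1.1"
SERVER, CLIENT = "192.168.1.100", "192.168.1.7"


class Firewall:
    """Forwards FW_EXT:25 to SERVER:25, optionally rewriting the source as well."""

    def __init__(self, rewrite_source):
        self.rewrite_source = rewrite_source
        self.table = {}  # address the server sees -> original client address

    def forward(self, src, dst):
        if dst != (FW_EXT, 25):
            return src, dst
        # 61000 is a constructed port number for the rewritten source.
        new_src = (FW_INT, 61000 + len(self.table)) if self.rewrite_source else src
        self.table[new_src] = src
        return new_src, (SERVER, 25)

    def reverse(self, src, dst):
        # Reply from the server: restore the address pair the client used.
        return (FW_EXT, 25), self.table[dst]


def connect(rewrite_source):
    fw = Firewall(rewrite_source)
    client_sock = ((CLIENT, 1056), (FW_EXT, 25))  # (local, remote) the client expects
    syn_src, syn_dst = fw.forward(*client_sock)
    # The server answers whoever the SYN appeared to come from.
    reply_src, reply_dst = syn_dst, syn_src
    if reply_dst[0] == FW_INT:
        # Reply is addressed to the firewall, which reverses both rewrites.
        reply_src, reply_dst = fw.reverse(reply_src, reply_dst)
    # Otherwise the reply goes straight to the client on the local net,
    # bypassing the firewall and keeping SERVER as its source address.
    if (reply_dst, reply_src) == client_sock:
        return "ESTABLISHED"
    return f"RST (SYN,ACK from {reply_src[0]}:{reply_src[1]}, expected {FW_EXT}:25)"


if __name__ == "__main__":
    print("port forward only:         ", connect(False))
    print("port forward + source masq:", connect(True))
```
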