Rett D. Walters wrote:
> Hello All:
>
> I am using David Ranch's Trinity OS strong firewall rulesets and they
> don't appear to have a provision for Masq'ing multiple subnets. I
> currently have a multiple subnet network behind a Masq server and would
> like to understand the best way to modify the ruleset to permit all of
> these networks to use the masq server.
>
> Thanks,
> Rett Walters
i don't know if trinityos uses ipchains or iptables. the following
is ipchains related but it should help.
the easy way is to just specify the masquerading interface e.g.:
    ipchains -A forward -i ppp0 -j MASQ
then anything sent out via ppp0 will be masqueraded regardless
of its originating network.
if your masquerading rules are dependent on the originating network e.g.:
    ipchains -A forward -s $masqnet -j MASQ
then you will need to add more rules to allow traffic forwarded between
internal networks to be accepted and not masqueraded e.g.:
    # Accept (unmasqueraded) traffic amongst multiple internal networks
    for src in $INTERNAL_NETWORKS
    do
        for dst in $INTERNAL_NETWORKS
        do
            if [ "$src" != "$dst" ]
            then
                ipchains -A forward -s $src -d $dst -j ACCEPT
            fi
        done
    done

    # Masquerade traffic from internal networks to the outside world
    for masqnet in $INTERNAL_NETWORKS
    do
        ipchains -A forward -s $masqnet -j MASQ
    done
raf
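
The rule order in the reply above matters because the forward chain is first-match. The following is an added example, not part of the original post: it prints the rules instead of calling ipchains and models first-match evaluation on source and destination only. The network values, addresses and function names are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample networks (assumption; not from the original post).
INTERNAL_NETWORKS="192.168.1.0/24 192.168.2.0/24 10.0.0.0/8"

ip2int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_net() {  # in_net IP CIDR: succeeds if IP lies inside CIDR
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

build_rules() {  # "SRC DST TARGET" lines, in the order the loops append them
    for src in $INTERNAL_NETWORKS; do
        for dst in $INTERNAL_NETWORKS; do
            if [ "$src" != "$dst" ]; then echo "$src $dst ACCEPT"; fi
        done
    done
    for masqnet in $INTERNAL_NETWORKS; do
        echo "$masqnet 0.0.0.0/0 MASQ"   # no -d means any destination
    done
}

masq_first_rules() {  # same rules, wrongly ordered: MASQ before ACCEPT
    build_rules | grep ' MASQ$'
    build_rules | grep ' ACCEPT$'
}

verdict() {  # verdict SRC_IP DST_IP [RULES]: target of the first matching rule
    rules=${3:-$(build_rules)}
    while read -r s d target; do
        if in_net "$1" "$s" && in_net "$2" "$d"; then
            echo "$target"; return 0
        fi
    done <<EOF
$rules
EOF
    echo "POLICY"   # nothing matched: the chain's default policy decides
}

verdict 192.168.1.5 192.168.2.9     # between internal subnets
verdict 10.1.2.3 203.0.113.7        # internal host to the outside
verdict 192.168.1.5 192.168.2.9 "$(masq_first_rules)"   # wrong order
```

With the MASQ rules appended first, traffic between internal subnets matches a MASQ rule before it reaches its ACCEPT rule, which is why the ACCEPT loop has to run first.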