RE: [Masq] Internal masquerading

Tue, 30 Mar 1999 21:03:21 -0500 


>I apologize for not being very explicit about what I'm trying to
>accomplish...it's pretty long-winded. Suffice it to say, I am looking for
>EXACTLY what I asked for. I am using ipchains, kernel 2.2.4, ipmasqadm &
>portfw. I am running a server on the LAN(masqed) and clients connect from
>the inside and outside. I want the connection from the inside client to
>appear as coming from the outside...specifically the external interface on
>the firewall.

No problem. First off, the clients would have to be on a different subnet 
from the server, otherwise they'd attempt to connect directly to the 
server, and would completely ignore the linux box and what it was trying 
to do. So 

Here's a possibility that *might* work, although it'd be complicated, and 
a little slow, but it'll do the trick. It relies on you having 2 ip 
addresses and subnets on the server computer, which, presumably, you can 
do.

Lets assume the following:
You've got an IP address of 192.168.0.1 for the linux box, and a subnet 
for the clients of 192.168.0.x
You've got the server computer on 192.168.1.10.
You've got an IP on the linux box as 192.168.1.1 as the router for the 
server.
You've got a "real IP" for the linux box of 50.50.50.50

Here's what you'd do:
Set a static route of 50.50.50.50 netmask 255.255.255.254 on the linux 
box's interface with the server box.
Set an IP address of 50.50.50.51 netmask 255.255.255.254 on the server's 
interface with the linux box
Set an IP address of 192.168.0.10 on the linux box's interface with the 
clients, as the "emulated" IP for your server.

Port Forward any ports that you need from 192.168.0.10 to the server with 
IP MasqADM.
For any services that you want to have your server see as coming from the 
external interface of the linux box, use redir to redirect the connection 
from 192.168.0.10 to 50.50.50.50, and then use a second redir to redirect 
the connection from 50.50.50.50 to 50.50.50.51, and then you're done...

So, now you're going to tell me why you'd want to do such a dastardly 
thing, right? =)

Cheers,
Liam


_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]

Reply via email to