As long as we're on this subject, I have a related question. Is it
possible to do NAT from a *pool* of external addresses? I have five
external IPs, and I'd like to use my masqing firewall to allow multiple
people behind the firewall to connect to games that aren't necessarily all
that NAT-friendly. (many games require specific ports to be free.) If
the external masqing drew from a pool of available addresses, that would be
just about perfect. I don't need 1-1 mappings (though that would be nice
as an option), but having it use as many IPs as possible would tend to make
things work better for NAT... I think.
However, in looking, I don't think this was in the spec at all, and, like
the poster below, I don't think this will work with Linux in its present
form. Maybe with 2.4. :-)
I think Checkpoint's Firewall-1 will do this, but I don't really want to
spend five thousand dollars so I can play games properly. :)
I really don't understand why someone doesn't come out with a friendly,
cheap firewall. Checkpoint could make a bloody killing selling to people
like me... techies with a clue but without five grand to spend on security.
I'd spend $250 for a stateful inspection, multiple-external-address NAT,
that dealt fairly well with games... and I bet I'm not the only one!
I'd buy more than one, too -- I'd buy at least 10. We have lots of
employees that would like to telecommute. I'd be willing to settle for two
incidents of support, and would be willing to pay for anything past two.
*sigh* Hopefully someone out there will get a clue. *hint hint* Maybe
Linux will grow into this area someday. sifi looks pretty cool, but it
doesn't do masq.
<<RON>>
----- Original Message -----
From: Alan Izzo <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 19, 1999 10:26 AM
Subject: [Masq] Masqing to/from multiple "real" IP addresses
>
> Hi all -
>
> I have a question regarding the use of IPMASQ/PORTFW in a rather
> unconventional manner... I have not looked at the code or tried to play
> around with configuring it to do what I am trying to do as I don't
> really think it will work, so I wanted to bounce it off you all first
> and get your thoughts...
>
> I have made a feeble attempt at drawing what I want to do below. What I
> have is a masq box with 3 Ethernet interfaces (2 local and 1 to the
> Internet via a cable modem). With standard masq all of the traffic
> to/from the local networks gets translated into the single IP address of
> the interface that is connected to the cable modem (1.2.3.4 in my
> picture).
>
> However, in my perverse model I want to have each internal network
> (192.168.0.x and 192.168.1.x in the picture) masq'ed to its own
> different global IP address that has been assigned by my cable modem ISP
> (say, in my picture below, the ISP provided me with a block of 3 "real"
> IP addresses 1.2.3.4, 1.2.3.5 and 1.2.3.6). I would like to masq all
> the traffic coming to/from the 192.168.0.x network masq'ed to the IP
> address 1.2.3.5 and all of the traffic coming to/from the 192.168.1.x
> network masq'ed to 1.2.3.6. Can I do this with the current masq code (I
> am running on RedHat 5.2, Linux 2.0.36)? If so, how do I configure it
> and can the port forwarding code handle this configuration as well (i.e.
> can I forward port 80 on IP address 1.2.3.5 to 192.168.0.2 port 80 AND
> forward port 80 on 1.2.3.6 to 192.168.1.2 port 80)?
>
> If masq/portfw can not do what I am trying to accomplish, do you all
> know of a way I can do it (i.e. another Linux feature like masq but
> different) that would allow me to accomplish this?
>
>
>
> +----------+
> |          |       Ethernet
> |  A0-box  |::::::  192.168.0.x
> |          |.2   :
> +----------+     :
>                  :      +----------+
>                  :   .1 |  Linux   |  Ethernet +-------+
>                  :::::::| Masq-Gate|:::::::::::| Cable |::: Internet
> +----------+     :      |          |           | Modem |
> |          |     :      +----------+           +-------+
> |  B0-box  |::::::           : .1     1.2.3.4
> |          |.3               :
> +----------+                 :
>                              : Ethernet
>                              : 192.168.1.x
>                              :
>                              :
>               ::::::::::::::::::::::::::::::
>               :                            :
>               : .2                         : .3
>          +----------+                 +----------+
>          |          |                 |          |
>          |  A1-box  |                 |  B1-box  |
>          |          |                 |          |
>          +----------+                 +----------+
>
>
> Thanks a lot for any help, ideas, comments etc.!
>
> Alan
>
> --
> Alan Izzo
> High Beam Software, Inc.
>
> E-Mail: [EMAIL PROTECTED]
>
>