Re: [masq] Getting a machine visible to the intenet behind the firewall

Tue, 20 Oct 1998 15:28:54 -0400 

On Tue, 20 Oct 1998, Fuzzy Fox wrote:

> Stephen Mills <[EMAIL PROTECTED]> wrote:
> >
> > 'Network Aliasing' is already compiled into the kernel so this is good.
> > How would I go about finding more information on setting up the virtual
> > ethernet interface ?
>
> Basically, you configure the virtual interface by appending a number to
> the real interface, such as "eth0:0".  You configure it just like the
> real interface, with its own IP address and routes.
>
> After you get ipportfw going, I think you will find that you have a
> reasonable balance between security and accessibility.

        Or if you're pretty comfortable with your security, and have way
too many ports being opened and closed as your application runs, do what I
did, which was plugging in a second NIC in my Linux box, give it it's own
IP address and route packets through it.  Basically the setup was
described in my message called 'Blocking' of a couple of days ago.  The
diagram looks as follows:

         Linux box   +---> eth0 ---> HUB ---> other machine (coyote)
ISP ===>  w/ modem --|
                     +---> eth1 ---> masq network

        The modem get an IP assigned from my ISP (static) and eth0 is
configured with that same IP.  So packets flow straight to the HUB.

        Coyote can be reached from the Internet without problems.  I do
have to setup ipmasq rules for packets to go to it, but hey...  Some apps
just are a pain to open up massive ports just so that they work right.
So, I opted for this method.

        AMK4

  |
  |  Row, row, row your bits, gently down the pipe...
  |____________________________________________________________________
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Ashley M. Kirchner <[EMAIL PROTECTED]>          .   303.442.6410 x130
  SysAdmin / Websmith                           .     800.441.3873 x130
  Photo Craft Laboratories, Inc.             .        3550 Arapahoe Ave
  http://www.pcraft.com                  .            Boulder, CO 80303
  .................. .  .  .     .


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Reply via email to