Re: [masq] Masquerading with the internal Adress

Fuzzy Fox Fri, 23 Oct 1998 12:16:25 -0400
Slava Voronin <[EMAIL PROTECTED]> wrote:
>
> I compiled support for  ipportfw and ipfwadm in kernel.
> Right now, I am able to go on the net from all my computers
> which are behind firewall.

Nothing works at all?  Not even a simple "telnet www.yahoo.com 80" ?

> /sbin/ipfwadm -F -f
> /sbin/ipfwadm -F -p accept
> /sbin/ipfwadm -F -a masquerade -S 192.168.1.2/24 -D 0.0.0.0/0
> /sbin/ipfwadm -F -a masquerade -S 192.168.2.2/24 -D 0.0.0.0/0
> /sbin/ipfwadm -F -a masquerade -S 192.168.3.3/24 -D 0.0.0.0/0
> 
> /sbin/ipfwadm -F -a masquerade -S 24.113.3.19/22 -D 0.0.0.0/0
> /sbin/ipfwadm -F -a masquerade -S 192.168.1.1/24 -D 0.0.0.0/0
> /sbin/ipfwadm -F -a masquerade -S 192.168.3.1/24 -D 0.0.0.0/0

Those last two lines appear to be redundant with the first two.  They
specify the same thing.  Not that that should make a difference...

This setup is not very good, because it means that, for instance, a
packet destined to go from 192.168.1.5, to 192.168.2.7, would get
masqueraded!  You probably want to simply forward the packet, instead.
You should think through this some more.  Probably posting your network
configuration would help.

> I need to configure ICQ to work on 192.168.3.3 and 192.168.1.2.

I have no knowledge of ICQ, I'm afraid.  The masq apps page has some
information about it, though.

    http://doncaster.on.ca/~lnevo/masq/

-- 
   [EMAIL PROTECTED] (Fuzzy Fox)      || "Nothing takes the taste out of peanut
sometimes known as David DeSimone  ||  butter quite like unrequited love."
  http://www.dallas.net/~fox/      ||                       -- Charlie Brown
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
Re: [masq] Masquerading with the internal Adress

Reply via email to
