Re: [masq] Masquerading with the internal Adress

Mon, 26 Oct 1998 03:04:59 -0500 


-----Original Message-----
From: Fuzzy Fox <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: vendredi 23 octobre 1998 18:46
Subject: Re: [masq] Masquerading with the internal Adress


>Olivier GOSSELET <[EMAIL PROTECTED]> wrote:
>>
>> ---- 172.x.x.x network----| Cisco Router |--isdn--| Cisco Router |----
193.x.x.x network ----| Linux Firewall |---- 173.x.x.x network ----| Cisco
Internet Router |---- ?? Internet ??
>>
>> The address between our Firewall and the Internet Cisco Router ar
>> unofficial ...  so this time i try to masquerade using the internal
>> address of our Linux Firewall (wich is official) but without success.
>
>It seems to me that, as long as all the links between the 172.* network
>and the Linux Firewall allow passing of default-routed packets in the
>firewall's direction, then this should work.  The Linux box could then
>masquerade the packet and forward it out to the Internet.  You did say
>that the Linux box's IP address is official, i.e. routable on the global
>Internet?
>
>Can a box on the 193.* network masq out through the Linux box?  It
>should be able to.  Any connection masqing from behind the Linux box
>should appear the same as a connection originating directly from the
>Linux box.
>
>All you need is some forwarding rules that recognize which networks
>should be masq'd, as per usual.
>
>> Is there a way to force the masquerading using the IP address of the
>> internal NIC ?
>
>I don't think I understand this question...

I understand what you say and i can find forwarding rules to do masquerading
for packet coming from the 172.* network. But in all the sample i find the
"new" ip source address of the packet is the address of the NIC from wich
the packet go out to there destination ... and in this case this address is
unofficial ... so not possible to go on the net. So i try to find a way to
masquerade using the the first NIC (internal with an official address) and
then forward the packet to the cisco router using the second NIC ... and i
could not find forwarding rules to do that ? is it more clear ?

>
>--
>   [EMAIL PROTECTED] (Fuzzy Fox)      || "Nothing takes the taste out of
peanut
>sometimes known as David DeSimone  ||  butter quite like unrequited love."
>  http://www.dallas.net/~fox/      ||                       -- Charlie
Brown
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>For daily digest info, email [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Reply via email to