On Sat, 28 Nov 1998, Vincent F. Febbraio wrote:

> Hello, my name is Vince and I was looking through the digest for a
> possible answer to my questions regarding ip masquerade. I will ask
> my first question in this message. I want to know if it is possible
> to just mask one computer on the system? I am running Redhat 4.2 here
> and have three computers with assigned ip addresses from my isp. I
> just got another computer I want to add to the network but do not
> have an ip address for that one. For this example we will say that the
> main Redhat box has an ip address of 200.30.100.23. The other two
> computers are running Windows 95 and are linked to the main computer
> running Redhat with ethernet cards and a Linksys 5-port Workgroup
> Hub. Let us say those computers have ips of 200.30.100.24 and
> 200.30.100.25.
> Now for the third computer that I do not have an assigned ip from my
> isp. Let us say I want to use 192.168.1.2 for this computer. What is
> the ipfwadm ruleset I need in order that the first two computers
> remain with no change. In other words no masq whatsoever on these
> two. On the third computer I want the masq to take place.
> I did try:
> ipfwadm -F -p deny
> ipfwadm -F -a m -S 200.30.100.23/32 -D 0.0.0.0/0
> ipfwadm -F -a m -S 200.30.100.24/32 -D 0.0.0.0/0
> ipfwadm -F -a m -S 192.168.1.2/32 -D 0.0.0.0/0
> All this did was to make all three computers appear to have the
> 200.30.100.23 address. The only one that should appear to also have
> the 200.30.100.23 address should be the third computer. I think I
> might need some accept statements in here somewhere?
> Sorry to make this such a large message, and thank you in advance.
>
> Vince

   Others will undoubtedly give you a more complete answer, but here's my
contribution.
   The "m" in the ipfwadm command means "masquerade".  You should use it
for addresses in your private space, meaning the 192.168.1. addresses. 
You should forward without masquerading the official Internet addresses
you got from your ISP, which are the 200.30.100. group. 
   You don't have to write individual lines for each host.  You can cover
all hosts on your private net with a single line that specifies
"192.168.1.0/24" and similarly one line for the official numbers.
   What I don't exactly see is how to handle the two hosts that have
official addresses, but are actually attached to a private network on one
of the Linux host's ports, and not directly to the ISP's network. IP
addressing requires that all hosts on a physical network segment have the
same network address.  Thus, if their port on the Linux host has the
address 192.168.2.1, then their network address is 192.168.2.0, and the
hosts must all have addresses of the form 192.168.2.2, 192.168.2.3, and so
on.  IP aliasing on the Linux gateway host might be the solution, but I
don't know just how to apply it.  Can anybody else help here? 

Jack Carroll
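
The accept/masquerade split described in the reply above, as an added example that is not part of the original thread: a simplified first-match model of the `ipfwadm -F` forward chain in Python, run over the ruleset from the question and over a split ruleset. The `200.30.100.0/24` prefix for the ISP-assigned addresses, the destination `198.51.100.7`, and all function and variable names are assumptions made for illustration.

```python
import ipaddress

# Policy names as written on the command line; the thread uses "m" for masquerade.
POLICIES = {"accept": "accept", "deny": "deny", "reject": "reject",
            "masquerade": "masquerade", "m": "masquerade"}

# Ruleset quoted in the question.
TRIED = """
ipfwadm -F -p deny
ipfwadm -F -a m -S 200.30.100.23/32 -D 0.0.0.0/0
ipfwadm -F -a m -S 200.30.100.24/32 -D 0.0.0.0/0
ipfwadm -F -a m -S 192.168.1.2/32 -D 0.0.0.0/0
"""

# Split ruleset: plain forwarding for the official block (prefix assumed),
# masquerading only for the private 192.168.1.0/24 net.
SPLIT = """
ipfwadm -F -p deny
ipfwadm -F -a accept -S 200.30.100.0/24 -D 0.0.0.0/0
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
"""

def parse_forward_rules(script):
    """Return (default_policy, [(policy, src_net, dst_net), ...])."""
    default, rules = None, []
    for line in script.strip().splitlines():
        tok = line.split()
        if tok[:2] != ["ipfwadm", "-F"]:
            continue
        if tok[2] == "-p":                       # default policy for the chain
            default = POLICIES[tok[3]]
        elif tok[2] == "-a":                     # append a rule
            opts = dict(zip(tok[4::2], tok[5::2]))
            rules.append((POLICIES[tok[3]],
                          ipaddress.ip_network(opts.get("-S", "0.0.0.0/0")),
                          ipaddress.ip_network(opts.get("-D", "0.0.0.0/0"))))
    return default, rules

def forward_action(script, src, dst="198.51.100.7"):
    """First rule whose source and destination both match decides the packet."""
    default, rules = parse_forward_rules(script)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for policy, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return policy
    return default

if __name__ == "__main__":
    for name, script in (("tried", TRIED), ("split", SPLIT)):
        for host in ("200.30.100.24", "200.30.100.25", "192.168.1.2"):
            print(name, host, forward_action(script, host))
```

The model covers only source and destination matching on the forward chain; it does not address the physical-segment addressing question raised at the end of the reply.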
