"Weird" is the word that best describes your Masquerading scheme. I cannot quite
make sense out of this thing. Why masquerade in the first place when you have
registered IPs?
In my opinion, Masquerading does two good things:
1.) Allow the use of private IPs to access the INTERNET
2.) Secure the Internal network with a set of carefully written rules
None of these fit your present setup. There is not much that you can do right now
but I do suggest that you start looking for an additional HUB and a second network
interface for the Linux box.
Brian M Dial wrote:
> Hello all,
>
> I was wondering if someone could help me out a bit with a small problem
> I'm having with IP Masquerading.
>
> Setup:
>
> This may sound odd and impractical, but it's at a remote site that I
> won't get to to change for a while so please don't respond with "hey
> dummy, that's a lame setup"
>
> We have a frame relay line coming into a router with 'bout 20 NT
> machines & 1 linux machine. We own 32 IP addresses from (a made up
> block, I don't want to divulge the real block) 200.150.100.224 -
> 200.150.100.255 with the router being .225
>
> The physical makeup is the router goes to a hub where all machines are
> plugged into (nt workstations & linux server). The linux server has
> the following configuration
>
> IPADDR: 200.150.100.226
> NETMASK: 255.255.255.224
> NETWORK: 200.150.100.224
> BROADCAST: 200.150.100.255
> GATEWAY: 200.150.100.225
>
> It only has one network card because it plugs into the hub only. The
> other NT Machines all have real IP addresses in that block and are
> plugged into the hub with the linux machine. However, they don't have
> the router as their gateway, they have the linux machine as their
> gateway. The linux machine is doing IP Masquerading by the following
> commands (basic, I know)
>
> /sbin/ipfwadm -F -p deny
> /sbin/ipfwadm -F -a m -S 200.150.100.224/255.255.255.224 -D 0.0.0.0/0
>
> So basically it's masquerading for machines that have real IPs. But the
> way the network is set up physically, traffic outgoing from the NT
> machines goes into the hub, out to the linux machine, back into the hub
> and into the router. Of course from outside you can still go directly
> to any of the NT machines because they're in the hub too.
>
> This was all good. The machines are kinda sorta masquerading, at least
> outgoing traffic. However, whenever one of the NT machines goes to a
> website for the *first* time they get an error in their browser that the
> remote server reset the connection. Then, if they reload the page it
> reloads fine. Anytime they go back to that site it loads fine too. But
> as soon as they go to a page that they've never been to before, it
> resets the connection for the first visit to the page.
>
> I'm almost positive this has something to do with the weird masquerading
> situation that I can only attest to not being the one that set it up.
> Can anyone suggest a fix I can do remotely until I can get up there and
> fix the mess?
>
> -Brian
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For daily digest info, email [EMAIL PROTECTED]
--
Audie P.
The perimeters that we put on ourselves
are self-imposed...There are no boundaries.
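
Added example, not part of the original messages: a small Python check that
applies the two purposes of masquerading listed in the reply to the posted
ipfwadm rule and interface settings. The function names are hypothetical, and
the 192.168.1.0/24 inside range used for the two-interface contrast is an
assumption.

```python
import ipaddress

def masq_source(rule):
    """Return the network given after -S in an ipfwadm forwarding rule."""
    tokens = rule.split()
    return ipaddress.ip_network(tokens[tokens.index("-S") + 1], strict=False)

def review(rule, out_ip, out_mask, gateway):
    """Evaluate a masquerade rule against the box's router-facing interface.

    out_ip/out_mask describe the interface that faces the router;
    gateway is the router's address.
    """
    src = masq_source(rule)
    outside = ipaddress.ip_network(f"{out_ip}/{out_mask}", strict=False)
    gw = ipaddress.ip_address(gateway)
    return {
        # Point 1: translation only buys Internet access for private ranges.
        "sources_need_translation": src.is_private,
        # Point 2: rules only protect clients that sit behind the box, i.e.
        # the masqueraded range must not be the segment the router is on.
        "clients_behind_box": not src.overlaps(outside) and gw not in src,
    }

# Layout from the original post (the address block is the poster's made-up one).
POSTED = review(
    "/sbin/ipfwadm -F -a m -S 200.150.100.224/255.255.255.224 -D 0.0.0.0/0",
    "200.150.100.226", "255.255.255.224", "200.150.100.225")

# Constructed contrast: second interface and hub as suggested in the reply,
# with an assumed private inside range of 192.168.1.0/24.
TWO_NIC = review(
    "/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0",
    "200.150.100.226", "255.255.255.224", "200.150.100.225")

if __name__ == "__main__":
    for name, result in (("posted", POSTED), ("two-NIC", TWO_NIC)):
        print(name, result)
```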