At 08:57 PM 7/14/98 -0400, you wrote:
>   If you get IP Masquerade to work with a dynamic IP address, please let
>us all know, and pass the details of your scripts to the IP Masq web site. 
>According to the manuals I've read, Masq requires a static address to
>work.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>For daily digest info, email [EMAIL PROTECTED]
> 
What do you mean dynamic? We've got masq set up here with a dial-up
connection that gives us our IP at connect time, and I've got it working
fine. Basically, instead of specifying source and destination addresses for
forwarding, use the interface name for the interface with the dynamic IP
address. 

Here's my config: (Note: I have RedHat 5.0 and am using ipfwadm, not
ipchains).


# Rules for input firewall
# flush rules
ipfwadm -I -f
# deny all packets
ipfwadm -I -p deny
# accept packets from local machines on the local interface, going anywhere
ipfwadm -I -a accept -W eth0 -S ${LOCAL_NET}
# deny packets on remote interface claiming to be local - log it
ipfwadm -I -a deny -W ppp0 -S ${LOCAL_NET} -o
# accept other packets from remote interface
ipfwadm -I -a accept -W ppp0 -S ${ANYWHERE}
# accept loopback packets
ipfwadm -I -a accept -W lo
# catch all rule - logs all other packets
ipfwadm -I -a deny -S ${ANYWHERE} -o
# now print out the firewall rules
ipfwadm -I -l -e     

# Rules for the forwarding firewall. This section turns on masquerading,
# among other things.
# flush rules
ipfwadm -F -f
# default policy is deny
ipfwadm -F -p deny
# masquerade all internal addresses
ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24
# setup a deny rule to log anything else
ipfwadm -F -a deny -S ${ANYWHERE} -o
# now print out the firewall rules
ipfwadm -F -l -e

# Rules for output firewall.
# flush rules
ipfwadm -O -f
# accept all packets
ipfwadm -O -p accept
# now print out the firewall rules
ipfwadm -O -l -e   
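
The following is an added example, not part of the original message: a small first-match model of the input rules above, showing which packets are accepted, denied, or denied and logged. The values of LOCAL_NET and ANYWHERE are assumptions (the message does not show how they are set), and the sample packets are constructed.

```shell
# Added example: first-match model of the input rules quoted above.
# Assumed values; the message does not show how these are set.
LOCAL_NET="192.168.0.0/24"   # assumption: same net as the masquerade rule
ANYWHERE="0.0.0.0/0"         # assumption

# Same order as the ipfwadm -I -a lines: "verdict interface source".
# "*" means the rule has no -W or no -S restriction.
INPUT_RULES="accept eth0 $LOCAL_NET
deny+log ppp0 $LOCAL_NET
accept ppp0 $ANYWHERE
accept lo *
deny+log * $ANYWHERE"

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    local a b c d
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Succeed if address $1 lies inside CIDR block $2.
in_cidr() {
    local net=${2%/*} bits=${2#*/} mask=0
    [ "$bits" -eq 0 ] || mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Print the verdict for a packet arriving on interface $1 from source $2.
input_verdict() {
    local verdict iface src
    while read -r verdict iface src; do
        [ "$iface" = "*" ] || [ "$iface" = "$1" ] || continue
        [ "$src" = "*" ] || in_cidr "$2" "$src" || continue
        echo "$verdict"; return 0
    done <<EOF
$INPUT_RULES
EOF
    echo "deny"   # default policy (ipfwadm -I -p deny)
}

# Constructed sample packets: arrival interface and source address.
for pkt in "eth0 192.168.0.17" "ppp0 192.168.0.17" "ppp0 203.0.113.9"; do
    echo "$pkt -> $(input_verdict $pkt)"
done
```

The model never takes the address assigned to ppp0 as an input, which is why the same rules keep working each time the dial-up link comes up with a new IP.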

