On Tue, 23 Jun 1998, Ken Hughes wrote:
> I am new to Linux but have been using IPmasquerade for a couple of years now.
> I want to add a second ethernet card to my server and have Linux forward the
> packets. My IP addresses for the cards would be 192.168.2.1 and 192.168.1.1
> and a ppp0 of xxx.xxx.xxx.xxx. I would like to masquerade both networks to
> the internet and have it forward the packets between the two internal
> networks. Any help with this would be appreciated.

No problem!

To make sure that your networks can talk to each other, make sure
that you put the following forward rules _before_ the above masquerading
rules when you implement the firewall. If you didn't, the firewall would
try to masquerade packets traveling between the LANs, which is
unnecessary.

    ipfwadm -F -a accept -S 192.168.1.0/24 -D 192.168.2.0/24
    ipfwadm -F -a accept -S 192.168.2.0/24 -D 192.168.1.0/24

If you already have an ipfwadm command to forward/masquerade from
your eth0 to your ppp connection, just copy it and modify it to use the new
IP addresses.

For example, say that this is your existing command to masquerade:

    ipfwadm -F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0

Simply copy it like so:

    ipfwadm -F -a accept -m -S 192.168.2.0/24 -D 0.0.0.0/0

The forwarding rules could therefore be:

    #!/bin/bash
    # Forward traffic between the two internal LANs without masquerading
    ipfwadm -F -a accept -S 192.168.1.0/24 -D 192.168.2.0/24
    ipfwadm -F -a accept -S 192.168.2.0/24 -D 192.168.1.0/24
    # Masquerade everything else leaving either LAN
    ipfwadm -F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0
    ipfwadm -F -a accept -m -S 192.168.2.0/24 -D 0.0.0.0/0

Cheers,
- Bill
---------------------------------------------------------------------------
Unix _is_ user friendly. It's just very selective about who its friends
are. And sometimes even best friends have fights.
William Stearns ([EMAIL PROTECTED])
---------------------------------------------------------------------------
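
An added illustration, not part of the original message: a small Python model of first-match evaluation over the four forward rules quoted above, showing why the LAN-to-LAN accepts must come before the `-m` rules. The parser handles only the options used in this message, and the sample packet addresses, the function names and the "omitted -S/-D means any" default are assumptions of the sketch.

```python
import ipaddress
import shlex

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_rule(line):
    """Parse 'ipfwadm -F -a <policy> [-m] [-S net] [-D net]' (only these options)."""
    tok = shlex.split(line)
    if tok[:2] != ["ipfwadm", "-F"]:
        raise ValueError("not a forward-chain rule: " + line)
    # Assumption of this sketch: an omitted -S or -D means any address.
    rule = {"policy": None, "masq": False, "src": ANY, "dst": ANY}
    i = 2
    while i < len(tok):
        if tok[i] == "-a" and i + 1 < len(tok):
            rule["policy"], i = tok[i + 1], i + 2
        elif tok[i] == "-m":
            rule["masq"], i = True, i + 1
        elif tok[i] in ("-S", "-D") and i + 1 < len(tok):
            key = "src" if tok[i] == "-S" else "dst"
            rule[key], i = ipaddress.ip_network(tok[i + 1]), i + 2
        else:
            raise ValueError("unsupported or incomplete option: " + tok[i])
    if rule["policy"] is None:
        raise ValueError("rule has no -a policy: " + line)
    return rule

def verdict(rules, src, dst):
    """Action of the first rule matching src -> dst (rules are checked in order)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r["src"] and d in r["dst"]:
            return r["policy"] + ("+masq" if r["masq"] else "")
    return "no-match"  # would fall to the chain's default policy (not modelled)

LAN_RULES = ["ipfwadm -F -a accept -S 192.168.1.0/24 -D 192.168.2.0/24",
             "ipfwadm -F -a accept -S 192.168.2.0/24 -D 192.168.1.0/24"]
MASQ_RULES = ["ipfwadm -F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0",
              "ipfwadm -F -a accept -m -S 192.168.2.0/24 -D 0.0.0.0/0"]

RECOMMENDED = [parse_rule(l) for l in LAN_RULES + MASQ_RULES]  # order from the message
REVERSED = [parse_rule(l) for l in MASQ_RULES + LAN_RULES]     # masquerade rules first

if __name__ == "__main__":
    # Constructed sample packets: LAN to LAN, then LAN to an outside host.
    for src, dst in [("192.168.1.10", "192.168.2.20"), ("192.168.2.20", "203.0.113.5")]:
        print(src, "->", dst, "| recommended:", verdict(RECOMMENDED, src, dst),
              "| reversed:", verdict(REVERSED, src, dst))
```

With the masquerade rules first, the `-D 0.0.0.0/0` destination also covers the other LAN, so the plain accept rules are never reached for inter-LAN traffic.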