Eduardo Gargiulo wrote:

> Hi all.
> 
> I have a linux box running ipchains and masquerading my internal network.
> I have a subnet of real IPs. The router is connected to the hub so the REAL subnet is
> before the firewall, so I can't protect it. I'm thinking of adding an eth to the linux
> box and connecting the router (with a cross UTP) to eth0, and connecting eth1 (with real
> IP) and eth2 (with masqued IP) to the hub. The question is how to configure ipchains, and
> whether it is possible for this to work or I have to add another tool to my linux box to handle
> this configuration?


Hi all,

My configuration is:

ISP-Cable
  |(xxx.xxx.xxx.129 ip)
  \
   \(xxx.xxx.xxx.130 ip)
   LINUX-(xxx.xxx.xxx.132 ip)---------------------\
    |(192.168.1.1_ip)                             |
    |                                             |(xxx.xxx.xxx.131 ip)
    |----(192.168.1.2 ip)                         this host uses downstream
    |-----(192.168.1.3 ip)
    .
    .
    .
    \------(192.168.1.n ip)

Linux has 3 interfaces
   eth0 xxx.xxx.xxx.130
   eth1 xxx.xxx.xxx.131
   eth2 192.168.1.1

Hosts in 192.168.1.0/255.255.255.0 are masqueraded

   #ipchains -A forward -s 192.168.1.0/255.255.255.0 -j MASQ

eth0 and eth1 are bridged

   #ipchains -A bridgein -s xxx.xxx.xxx.131 -i eth1 -j ACCEPT
   #ipchains -A bridgein -d xxx.xxx.xxx.131 -i eth1 -j ACCEPT
   (the bridgein chain comes from a patch)

The default route is set to xxx.xxx.xxx.129

It should work just OK.
But it makes a booo once in a while.

I think it is doing something like this:
packets that should be masqueraded are bridged.
How can I prevent this?

Second Q:
   Why wasn't normal forwarding working? Why did I have to use a bridge?

Thanks,
   Hubert.

