On Tue, 17 Aug 1999, Guilherme Soares Zahn wrote:
>
> Hi there,
>
> today I was trying to set our computers to do IP-Masquerading (we'll
> be changing our external provider, and while the old one did the
> masquerading for us, the now one doesn't)... I tried to do everything as
> explained in the IP-Masquerade HOWTO, but for some reason things weren't
> running quite fine (well... not fine at all, as the packages coming from
> one adapter wouldn't see the other eth's)...
>
> I found a way to set things to work, but I'd like to know if this
> creates any problem or opens any security breach (and, if it does, what
> should I do)... The idea was to get our subnets 192.168.x.0 to go
> through a REAL net...
>
> The HOWTO suggested I should try something like
>
> ipfwadm -F -p deny (setting 'deny' as the default rule)
> ipfwadm -F -a masquerade -P tcp 192.168.0.0/255.255.0.0 -D 0.0.0.0/0
^^^^^^^^^^^
is there a typo here or you're using the entire range from 192.168.0 to
192.168.255. If you're using one C class (192.168.0.0), your mask should
be 255.255.255.0 (or 192.168.0.0/24).
I'm not sure but as you didn't specified the interface, ipfwadm is trying
to guess from you source definition, that may not match ifconfig settings.
Just curious: você não está utilizando o potato? Kernel 2.3.x? Por que não
utiliza o ipchains? (sorry all others :)
[]s,
Mario O.de Menezes "Many are the plans in a man's heart, but
IPEN-CNEN/SP is the Lord's purpose that prevails"
http://curiango.ipen.br/~mario Prov. 19.21
