I am trying to use ipmasq and NAT to get an outside host
connected for telnet, and all other hosts (if any, as we
add them) will use the masquerading. Here are my rules.
Am I missing something? Thanks - rich
There is a router on the outside of the 252 net that is 252.1.
It only knows about the route to the firewall -- there are
no routes to the internal NAT-translated host. Do I need
the arp patch? (if so, where is it?)
--------------
#!/bin/sh
#
LOCALHOST=`hostname`
IFEXT="192.168.252.7" # eth1
IFINT="192.168.45.86" # eth0
LOCALNET="192.168.0.0/16"
ANY="0.0.0.0/0"
UNPRIV="1024:65535"
HOST="192.168.45.86/32"
# configure the firewall
# all rules go here, including the NAT stuff
#
# First setup accounting and forwarding
# turn off everything and then flush all rules for clean
# start each time
#
ipfwadm -F -p deny
ipfwadm -F -f
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -A -f
#
# localhost stuff
#
ipfwadm -I -a accept -V 127.0.0.1 -S 127.0.0.1 -D 127.0.0.1
ipfwadm -O -a accept -V 127.0.0.1 -S 127.0.0.1 -D 127.0.0.1
# outgoing
# incoming
# forwarding
ipfwadm -F -a masquerade -P tcp -W $IFEXT -S $ANY $UNPRIV -D $ANY telnet
# accounting
ipfwadm -A -a -b
# NAT for the router/load host
ipnatadm -O -i -P tcp -S 192.168.32.101/32 -M 192.168.252.8/32 -W eth0
ipnatadm -I -i -P tcp -S 192.168.252.8/32 -N 192.168.32.101/32 -W eth0
-----------------------------------------------------------------------------------------------------------------
We've heard that a million monkeys at a million keyboards could produce
the Complete Works of Shakespeare; now, thanks to the Internet, we know
this is not true.
--Robert Wilensky, University of California
