Raf,

I'm a little unclear about what you are trying to do.  Is this correct?

                 +--------------+
Inet router------|eth1          |
 x.x.252.1/24    | x.x.252.7/24 |
                 |              |
                 |   Masq BOX   |
                 |              |
                 |          eth0|----+
                 |192.168.0.x/16|    |
                 +--------------+    |
                                     |
                                     |
                                     |
                           192.168.45.86/24


If this is your config, you are going to need to do
one of two things to allow people to TELNET to
the 192.168.45.86 box:

        1.   Setup IPPORTFW, IPAUTOFW, or REDIR
                to forward requests through the MASQ
                box to the other machine.  IPFWADM will
                -not- do this for you.  Then, to get
                to that box from an external machine, you'd
                need to do this:

                        telnet 192.168.252.7 2323


                With this, port "2323" would be forwarded
                thru the MASQ box to port 23 on the internal
                LAN to your inside box.  Get it?

        2.   Setup Proxy arp and a static route on the router.
                First, you would need to configure your IFCONFIG
                line to allow Proxy arps on ETH1.  Next, on the
                router (say for a Cisco), you would need to add:

                ip route 192.168.45.86 255.255.255.255 192.168.252.7 

                This would tell the router that the HOST at IP
                address 192.168.45.86 is ONLY accessible via the
                192.168.252.7 IP address.


Either solution works fine.  It really depends if you can get
access to the router.

--David
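Option 1 above mentions REDIR, a user-space port redirector. The script below is an added example, not code from this thread or from the REDIR or ipportfw projects: a small Python redirector of the same kind that accepts TCP on one port and relays each connection to an inside host and port, so "telnet 192.168.252.7 2323" would land on port 23 of 192.168.45.86. The addresses in the comments are taken from the diagram above; the demo itself binds loopback ephemeral ports and a stand-in echo server in place of the inside telnet host so it runs anywhere. The `allowed_sources` list is an assumption of this example (a forwarded telnet port is visible to the whole outside network, so restricting who may connect is the first thing to add).

```python
import ipaddress
import socket
import threading

# In the thread's setup the Masq box would run
#   Redirector(("192.168.252.7", 2323), ("192.168.45.86", 23), ["<outside net>"])
# Those addresses are only illustrative; the demo uses 127.0.0.1.


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so the peer sees EOF."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay(client, target):
    """Open the upstream (inside) connection and splice the two sockets together."""
    try:
        upstream = socket.create_connection(target, timeout=10)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)
    a = threading.Thread(target=_pump, args=(client, upstream), daemon=True)
    b = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
    a.start(); b.start()
    a.join(); b.join()
    client.close()
    upstream.close()


class Redirector:
    """Listen on listen_addr and relay each accepted TCP connection to target.
    allowed_sources: CIDR strings or ipaddress networks permitted to connect;
    None accepts from anywhere (not what you want on a forwarded telnet port)."""

    def __init__(self, listen_addr, target, allowed_sources=None):
        self.target = target
        self.allowed = None if allowed_sources is None else [
            ipaddress.ip_network(n) for n in allowed_sources]
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(listen_addr)
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]   # actual port when bound to 0
        threading.Thread(target=self._serve, daemon=True).start()

    def permits(self, ip):
        if self.allowed is None:
            return True
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allowed)

    def _serve(self):
        while True:
            try:
                client, peer = self.sock.accept()
            except OSError:            # listening socket was closed
                return
            if not self.permits(peer[0]):
                client.close()         # drop callers outside the allow-list
                continue
            threading.Thread(target=_relay, args=(client, self.target),
                             daemon=True).start()

    def close(self):
        self.sock.close()


def _start_echo_server():
    """Stand-in for the inside telnet host (constructed for the demo): echoes
    one connection back to the caller and returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def roundtrip(payload, allowed_sources=None):
    """Send payload through a loopback redirector to the echo server and return
    what came back; b"" means the redirector refused the client."""
    inside_port = _start_echo_server()
    redir = Redirector(("127.0.0.1", 0), ("127.0.0.1", inside_port), allowed_sources)
    chunks = []
    try:
        with socket.create_connection(("127.0.0.1", redir.port), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            while True:
                data = c.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except OSError:      # connection reset by a rejecting redirector
        pass
    finally:
        redir.close()
    return b"".join(chunks)
```

roundtrip() with no allow-list returns the payload unchanged, showing the relay path; with an allow-list that excludes 127.0.0.1 it returns b"", showing the connection being refused before anything reaches the inside host. A kernel mechanism such as IPPORTFW does the same job without a user-space copy of every byte, but the allow-list idea carries over: whichever tool forwards the port, pair it with a rule that limits which outside sources may reach it.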


>>>>
I am trying to use ipmasq and NAT to get an outside host
connected for telnet, and all other hosts (if any, as we
add them) will use the masquerading.  Here are my rules.
Am I missing something?  Thanks - rich
  
there is a router on the outside of the 252 net that is 252.1.
It only knows about the route to the firewall -- there are
no routes to the internal NAT-translated host.  Do I need
the arp patch? (if so, where is it?)
--------------
  
#!/bin/sh
#
LOCALHOST=`hostname`
IFEXT="192.168.252.7"   # address of eth1 (outside)
IFINT="192.168.45.86"   # address of eth0 (inside)
EXTDEV="eth1"           # ipfwadm -W wants an interface NAME; -V wants its address
LOCALNET="192.168.0.0/16"
ANY="0.0.0.0/0"
UNPRIV="1024:65535"
HOST="192.168.45.86/32"
# configure the firewall
# all rules go here, including the NAT stuff
#
# First setup accounting and forwarding
# turn off everything and then flush all rules for clean
# start each time
#
ipfwadm -F -p deny      # default forwarding policy: deny
ipfwadm -F -f           # flush forwarding rules
ipfwadm -I -f           # flush input rules
ipfwadm -O -f           # flush output rules
ipfwadm -A -f           # flush accounting rules
#
# localhost stuff

ipfwadm -I -a accept -V 127.0.0.1 -S 127.0.0.1 -D 127.0.0.1
ipfwadm -O -a accept -V 127.0.0.1 -S 127.0.0.1 -D 127.0.0.1

# outgoing

# incoming

# forwarding
# masquerade telnet from unprivileged source ports out via eth1
# (the original had -W $IFEXT, i.e. an address where -W takes a name)

ipfwadm -F -a masquerade -P tcp -W $EXTDEV -S $ANY $UNPRIV -D $ANY telnet

# accounting (count both directions)

ipfwadm -A -a -b

# NAT for the router/load host

ipnatadm -O -i -P tcp -S 192.168.32.101/32 -M 192.168.252.8/32 -W eth0
ipnatadm -I -i -P tcp -S 192.168.252.8/32 -N 192.168.32.101/32 -W eth0
--------------------------------------------------------------------------------
---------------------------------
We've heard that a million monkeys at a million keyboards could produce
   the Complete Works of Shakespeare; now, thanks to the Internet, we know
   this is not true.
   --Robert Wilensky, University of California

<<<<


.----------------------------------------------------------------------------.
|  David A. Ranch - Remote Access/Linux/PC hardware      [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]