Jason wrote:
>       I am setting up masquerading on a debian 1.3 box and I need to
> figure out the rules I need to add.  The linux gateway machine has an
> assigned IP (private of 10.0.0.1) and clients will be 10.0.0.2 and .2 and
> so forth.  What ipfwadm rules do I need to add?  I was thinking the
> following:
>
>       ipfwadm -F -p deny
>       ipfwadm -F -a m -S 192.168.1.2/32 -D 0.0.0.0
>       ipfwadm -F -a m -S 192.168.1.2/32 -D 0.0.0.0

I presume you actually meant:
        ipfwadm -F -p deny
        ipfwadm -F -a m -S 10.0.0.2/32 -D 0.0.0.0/0
        ipfwadm -F -a m -S 10.0.0.3/32 -D 0.0.0.0/0


>       my questions are....will these work if I assign the clients ips
> *.2 and *.3?

Right now you are adding rules for specific machines; you could just as
easily add rules for the subnet, so that you don't have to worry about
adding each machine individually.  (A destination or source of 0/0 is
assumed; you don't actually need to write it out, which saves typing.)

        ipfwadm -F -p deny
        ipfwadm -F -a m -S 10.0.0.0/24

>Also, where do I add these rules?  rc.local?

If you have a permanent connection, rc.local (or a file called from it) is a
good place.  Preferably you want rules in place as a link becomes active.

If you have a dialup connection, only place those rules for interfaces which
exist in rc.local, and save ppp+ device rules to be added in ip-up (or a
file called from it).

This is one reason I actually prefer ipchains... There you can create rules
for devices that don't exist yet but will work once the device is created.

>       and 3rdly, will this be all I have to do to get ip masq going,
> granted I've compiled ip forwarding into my kernel?

It now gives you masq.  You should still configure firewall rules for
safety.

>       Can anyone help?

I hope so. :)  Please let us know if you have more questions.

Lourdes
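
The dial-up advice above, as an added example that is not part of the original post: a shell fragment that adds the masquerading rule for the ppp interface when ip-up runs and removes it again from ip-down, so redials do not stack duplicate rules. The function names, the `IPFWADM` and `LAN` variables, the ip-down half, and the use of ipfwadm's `-W` (interface) and `-d` (delete) options are assumptions not taken from the thread.

```shell
#!/bin/sh
# Added example, not from the original post.
# pppd passes the interface name (e.g. ppp0) as the first argument to
# ip-up and ip-down; call this file from them as "<file> up $1" / "down $1".
# Assumptions: the thread's 10.0.0.x LAN as a /24; all names are hypothetical.

IPFWADM=${IPFWADM:-ipfwadm}   # set IPFWADM="echo ipfwadm" for a dry run
LAN=${LAN:-10.0.0.0/24}

# Accept only ppp<N>, so a malformed argument never reaches the rule set.
valid_ppp_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Link up: default-deny forwarding, then masquerade the LAN out of this link.
masq_up() {
    valid_ppp_iface "$1" || { echo "bad interface: $1" >&2; return 1; }
    $IPFWADM -F -p deny || return 1
    # Delete a stale copy first; ignore the error when none exists.
    $IPFWADM -F -d m -S "$LAN" -D 0.0.0.0/0 -W "$1" 2>/dev/null || true
    $IPFWADM -F -a m -S "$LAN" -D 0.0.0.0/0 -W "$1"
}

# Link down: remove the rule; the deny policy stays in place.
masq_down() {
    valid_ppp_iface "$1" || { echo "bad interface: $1" >&2; return 1; }
    $IPFWADM -F -d m -S "$LAN" -D 0.0.0.0/0 -W "$1"
}

# Entry point when run as a script: "<file> up ppp0" or "<file> down ppp0".
case "$1" in
    up)   masq_up "$2" ;;
    down) masq_down "$2" ;;
esac
```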


