Re: [masq] [masq] IPFWADM -question 2

Wed, 10 Jun 1998 10:56:53 -0400 

IF I UNDERSTAND YOU RIGHT YOU WANT TO MASQUERADE THE INTERNET ON YOUR LAN 

FOR THAT you have to allow masquerading 
BUT 
you also have to use your linux box as a gateway for your network address
( destination) 

this is called source routing and any sain admin especially big isp 's are
for security reasons configured to drop source routed frames 

so for this to work you most likely have to be 0 hops away from the linux
box 

thats all if you have private ips on you local lan . 

 otherwise if they are public then you dont need masq you can use
firewalling features just fine 







Andrej Todosic 
Operations Analyst 
[EMAIL PROTECTED]


On Tue, 9 Jun 1998, Michele Nicosia wrote:

> Hi all,
>     i'm looking for some solutions to this problem with IPFWADM.
>     i have two nic on a linux machine that act as routr and firewall.
>     eth0 is internal on the network 128.1.1.1 for example, eth1 is
> external 10.1.1.1.
>     Well when i try to reach from a pc on to the external network an ip
> on the internal , and in this case i do not need the masqeade, it act as
> for the internet masquerding the ip of any pc on the eth1.
> Is it possible to masquerade all the internet 0.0.0.0/0 less than
> 128.1.1.1, i do not want to reject or deny to this adddress, it is only
> need to have a connection direct, without masqerade.The table routing is
> correct for than ip the router is not the ppp0 interface but a real gw
> on the internet.
> Now i'm trying with the reject but like i say it is not for me purpose.
> 
> 
>                         thanks
> 
> --
> ********************************************************************
>  - Michele Nicosia - EAC srl - [EMAIL PROTECTED] -
> ********************************************************************
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For daily digest info, email [EMAIL PROTECTED]
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Reply via email to