I don't want to sound rude but I do know what masquerading is :)



what i meant is you cannot ping from the internet a box behind a
masqserver 

think for a sec : 

ping 192.168.0.1 

no router has a default gateway for this ( on the internet ) it will go as
far as the first BGP router . then it will stop right there 
cause bgp has no gateways it actually contains all the routing tables in
memory . 

now if you had on your box specified : 
add route 192.168.0.0 gw ip.address.of.masq.server 

then it would be working if all the routers between you and the box would
allow source routing . 


router will say : 

why do you want me to take you to your gateway when i know which gateway
is best for you anyway ? piss off . 





Andrej Todosic 
Operations Analyst 
[EMAIL PROTECTED]


On Wed, 10 Jun 1998, Bill Eldridge wrote:

> 
> 
> >IF I UNDERSTAND YOU RIGHT YOU WANT TO MASQUERADE THE INTERNET ON YOUR LAN 
> >
> >FOR THAT you have to allow masquerading 
> >BUT 
> >you also have to use your linux box as a gateway for your network address
> >( destination) 
> >
> >this is called source routing and any sane admin especially big ISPs are
> >for security reasons configured to drop source routed frames 
> 
> 
> 
> 
> >so for this to work you most likely have to be 0 hops away from the linux
> >box 
> >
> >that's all if you have private IPs on your local LAN . 
> >
> > otherwise if they are public then you don't need masq you can use
> >firewalling features just fine 
> >
> 
> 
> No, this isn't source routing.  Masquerade simply lets a Linux box
> handle all the conversations with the internet in a very legal, secure
> manner, just as a company might have a few public numbers and
> lots of private extensions.  All traffic going to the internet carries
> the Masq Linux box's ID, and it's up to that Linux box to pass the
> return traffic on to the correct internal destination, by keeping track
> of port assignments.
> 
> You can run various routing protocols internally, including gated,
> rip, or just static routes, and you don't have to be within 0 hops
> of the Linux box.  The Linux box just has to know how to get to
> you.
> 
> You should be able to set up rules on the masq box to pass 
> certain IP ranges on both sides through without doing masquerading.
> However, the external machines will then need to know the route
> to the internal machine addresses, something that's not needed
> if traffic is Masq'ed.
> 
> >
> >> Hi all,
> >>     I'm looking for some solutions to this problem with IPFWADM.
> >>     I have two NICs on a Linux machine that acts as router and firewall.
> >>     eth0 is internal on the network 128.1.1.1 for example, eth1 is
> >> external 10.1.1.1.
> >>     Well when I try to reach from a PC on the external network an IP
> >> on the internal, and in this case I do not need the masquerade, it acts as
> >> for the internet, masquerading the IP of any PC on the eth1.
> >> Is it possible to masquerade all the internet 0.0.0.0/0 less than
> >> 128.1.1.1, I do not want to reject or deny to this address, it is only
> >> need to have a connection direct, without masquerade. The table routing is
> >> correct for than IP the router is not the ppp0 interface but a real gw
> >> on the internet.
> >> Now I'm trying with the reject but like I say it is not for my purpose.
> 
> 
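
The port tracking described in the quoted reply, together with the no-masquerade exemption the original poster asks about, modelled as an added Python example (not code from this thread or from ipfwadm). The class name, the public address 203.0.113.1, the remote hosts and the starting port 61000 are constructed assumptions; 192.168.0.x and 128.1.1.1 are taken from the messages above.

```python
import ipaddress


class MasqBox:
    """Toy model of a masquerading gateway (constructed for illustration)."""

    def __init__(self, public_ip, no_masq=(), first_port=61000):
        self.public_ip = public_ip
        # Destinations that are forwarded without address rewriting.
        self.no_masq = [ipaddress.ip_network(n) for n in no_masq]
        self.next_port = first_port  # assumed start of the masquerade port pool
        self.out = {}   # (proto, src, sport, dst, dport) -> public port
        self.back = {}  # (proto, public port, remote, rport) -> (src, sport)

    def outbound(self, proto, src, sport, dst, dport):
        """Return the (source ip, source port) seen by the destination."""
        if any(ipaddress.ip_address(dst) in net for net in self.no_masq):
            # Exempt: packet keeps its real source, so the far side
            # must have a route back to the internal address.
            return (src, sport)
        key = (proto, src, sport, dst, dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, proto, remote, rport, dport):
        """Map a packet arriving at the public IP to an internal host.

        Returns None (drop) when no outbound conversation created the entry.
        """
        return self.back.get((proto, dport, remote, rport))


def demo():
    box = MasqBox("203.0.113.1", no_masq=["128.1.1.1/32"])
    return {
        "masqueraded": box.outbound("tcp", "192.168.0.5", 1025, "198.51.100.7", 80),
        "reply": box.inbound("tcp", "198.51.100.7", 80, 61000),
        "unsolicited": box.inbound("tcp", "198.51.100.9", 80, 61000),
        "exempt": box.outbound("tcp", "192.168.0.5", 1026, "128.1.1.1", 23),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
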
