Re: IP-Masq
jamesh (jamesh@Interpath.com)
Tue, 01 Jan 1980 20:08:31 -0500
Martin Bauer wrote:
>
> Hi *,
>
> I am looking for a solution for a very ugly problem:
>
> The company I am working for is connected to the Internet via a
> Linx-Firewall. This is working pretty well. We use IP-masquerading
> to give people, sitting at PC's with private IP-adresses (172.30.x.x)
> the possibility to 'surf'.
> Now my problem: There are people out there who need to work on several
> specific machines inside our 'safe' Intranet. So this machines have to
> look like they have public IP-adresses to the outside.
>
> I think the Firewall should act like more than one machine (multiple
> IP-adresses, IP-aliasing?) and then handle the IP-pakets (firewall-rules)
> and send them to the specific host with the private IP-adress inside our
> net.
>
> Did anybody hear about a cute little daemon or module that can handle this?
>
> Help very appreciated!
>
> Martin
Hi Martin,
You can have your users logon to a Samba servers. The 'root preexec'
parameter for a share can use the IP address of the connecting client to
insert filters into the firewall. The 'root postexec' parameter can be
used to delete the entries when the user logs off the system. Another
nice thing is, If you use Win95 on the client machines, you can store
the profile information in the users home directory. Then, their desktop
settings and access policies can follow them as well.
-James