Re: Masquerading

Glynn Clements (glynn@sensei.co.uk)
Fri, 31 Dec 1999 03:56:18 +0100 (GMT--1:00)


Grischa Schuering wrote:

> I was posting quite a lot of articles about this matter in newsgroups, now
> I know why the things I am trying might not be working. Can you give me the
> last hint?
>
> I set up a private network 192.168.100.0/24 on a linux box by masquerading
> (SuSE 6.2) on eth1. eth0 is connected to a registered network which is
> connected to the internet by a cisco router. I also use a portmaster router
> to dial in from home (on the registered network).
> Now I want to reach the computers behind the linux box from the portmaster,
> which has a static route to the private ips.
> When masquerading is turned on, it is not working, when I turn it off, it
> does. I believe it behaves this way, because all outgoing ips are
> masqueraded with the eth0 ip of the linux box.
>
> The start/stop script looks like this:
>
> START
>
> ipchains -N user_msq
> ipchains -A user_msq -s 0/0 -d 0/0 -j MASQ
> ipchains -A forward -s 192.168.100.0/24 -d 0/0 -i eth0 -j user_msq
>
> STOP
>
> ipchains -D forward -s 192.168.100.0/24 -d 0/0 -i eth0 -j user_msq
> ipchains -F user_msq
> ipchains -X user_msq
>
> How does the command have to look which prevents masquerading a specific
> destination ip range ????

ipchains -F forward
ipchains -A forward -s 192.168.100.0/24 -i eth0 -d x.x.x.x/x -j ACCEPT
ipchains -A forward -s 192.168.100.0/24 -i eth0 -j MASQ
ipchains -A forward -j DENY -l

where x.x.x.x/x is the registered network.

-- 
Glynn Clements <glynn@sensei.co.uk>
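
The rule order in the reply above matters because a chain is evaluated top to bottom and the first matching rule decides. The following is an added example, not part of the original message: a small Python model of that first-match evaluation over the four rules. The registered network 198.51.100.0/24 stands in for x.x.x.x/x and, like the sample packets, is constructed; `evaluate` and `swapped` are hypothetical helper names.

```python
import ipaddress

# Constructed placeholder for the registered network (x.x.x.x/x in the reply).
REGISTERED_NET = "198.51.100.0/24"
PRIVATE_NET = "192.168.100.0/24"
ANY = "0.0.0.0/0"

# Each rule: (source net, destination net, interface, target), in the same
# order as the rules appended to the forward chain in the reply.
FORWARD_CHAIN = [
    (PRIVATE_NET, REGISTERED_NET, "eth0", "ACCEPT"),  # forward without masquerading
    (PRIVATE_NET, ANY, "eth0", "MASQ"),               # masquerade everything else
    (ANY, ANY, None, "DENY"),                         # catch-all (logged with -l)
]

def evaluate(chain, src, dst, iface):
    """Return the target of the first rule that matches the packet."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule_src, rule_dst, rule_if, target in chain:
        if src_ip not in ipaddress.ip_network(rule_src):
            continue
        if dst_ip not in ipaddress.ip_network(rule_dst):
            continue
        if rule_if is not None and rule_if != iface:
            continue
        return target
    return "POLICY"  # nothing matched; the chain's default policy would apply

def swapped(chain):
    """Same rules with the first two exchanged, to show the effect of order."""
    return [chain[1], chain[0]] + chain[2:]

if __name__ == "__main__":
    samples = [  # constructed packets: (source, destination, interface)
        ("192.168.100.10", "198.51.100.7", "eth0"),  # private -> registered net
        ("192.168.100.10", "203.0.113.9", "eth0"),   # private -> anywhere else
        # registered -> private: the first two rules both require a private source
        ("198.51.100.7", "192.168.100.10", "eth1"),
    ]
    for pkt in samples:
        print(pkt, evaluate(FORWARD_CHAIN, *pkt), evaluate(swapped(FORWARD_CHAIN), *pkt))
```

With the first two rules exchanged, the MASQ rule matches first and traffic to the registered network is masqueraded again, which is the behaviour described in the question.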
