[olug] iptables behind router

John Dickson jman at neonramp.com
Tue Sep 14 15:36:04 UTC 2004


Hey, I have an idea. Multihome the single nic on COMP A with more than one network/subnet. One IP from your Wireless router network and another IP from a different network common to the other boxes. And so on.....

Set up DNS pointing services where needed, and place routes where needed.

All of your port forwarding and DMZing is limited in the wireless device. Not so in your Linux box. Let it flow (confined to only the services you expect to traffic) to the tux box and control services direction from there.......

I am limited in network ability also, looking for feedback here. Aside from OSI layer overflow issues why not multihome????

John

"William E. Kempf" <wekempf at cox.net> wrote ..
> 
> On Mon, September 13, 2004 11:26 pm, Terry said:
> > I have a similar setup
> >                                              -----> PC
> > Cable Modem ---> Linux ---> Wireless Router |
> >                                              -----> Laptop
> >
> >
> > Cable Modem -- 192.168.0.0/24 --> Wireless Router --- 192.168.1.0/24
> > ---> PC/Laptop
> >
> > This allows you to create a DMZ type of network in front of your
> > PC's.....I pretty much just did this to make use of an old DEC
> > laptop...  ;)
> >
> > For services in the 192.168.0.0/24 subnet, just create a normal
> > iptables rule to forward to the "DMZ" host.
> 
> OK, if I understand you (remember, I'm new to the terminology), you're
> saying that all computers on the LAN need to be directed to forward
> outgoing connections through CompA in my case.  Combined with what Mr.
> Linder said, I can see how this would work.  But the rub is how to get
> the other computers to forward through CompA, since they are running
> Windows XP.
> 
> > I have services in my internal network that I want to get to from the
> > outside world:
> > -A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT
> > --to-destination 192.168.0.2:3389
> > -A FORWARD -s 204.26.64.1 -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
> >
> > This is poor in design, mostly just for fun....
> 
> Why is it poor in design?
> 
> -- 
> William E. Kempf
> wekempf at cox.net
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
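As an added example (not from this thread or the list), here is a small Python audit of an iptables-save style ruleset that takes each nat PREROUTING DNAT port forward, like Terry's 3389 rule quoted above, looks for the matching FORWARD ACCEPT rules, and reports whether the forward is restricted to named sources, open to any host, or has no ACCEPT at all. The 3389 pair is the one from Terry's post; the port-22 and port-80 rules in the sample are constructed to show the other two outcomes.

```python
import re
# Constructed iptables-save sample: the 3389 PREROUTING/FORWARD pair is the one
# quoted from Terry's post; the port-22 and port-80 forwards are constructed.
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.2:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.3:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.4:80
COMMIT
*filter
-A FORWARD -s 204.26.64.1 -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# One option flag and its value (no value when the next token is another flag).
OPT = re.compile(r"(--?[\w-]+)(?:\s+(?!-)(\S+))?")

def parse_rules(text):
    """Yield (table, chain, options) for each -A line of an iptables-save dump."""
    table = None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            opts = dict(OPT.findall(line))
            yield table, opts.pop("-A"), opts

def audit(text):
    """Map each DNAT target to (status, allowed sources) from FORWARD ACCEPT rules."""
    rules = list(parse_rules(text))
    forwards = [o for t, c, o in rules
                if t == "filter" and c == "FORWARD" and o.get("-j") == "ACCEPT"]
    report = {}
    for table, chain, o in rules:
        if table != "nat" or chain != "PREROUTING" or o.get("-j") != "DNAT":
            continue
        service = (o.get("-p"), o.get("--dport"))
        sources = set()
        for f in forwards:
            if (f.get("-p"), f.get("--dport")) == service:
                sources.add(f.get("-s", "0.0.0.0/0"))  # no -s means any source
        if not sources:
            status = "no-forward-accept"  # dropped unless FORWARD policy is ACCEPT
        elif "0.0.0.0/0" in sources:
            status = "open"  # internal service reachable from any Internet host
        else:
            status = "restricted"
        report[o["--to-destination"]] = (status, sorted(sources))
    return report
```

Run it against `iptables-save` output from the Linux box in Terry's diagram; a forward marked "open" is the one to look at first, and the matcher only compares protocol and port, so it does not account for interface, destination or negated matches.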

