[olug] Routing and IPchains and IPmasquerading
Dave Homan
dave_cog at hotmail.com
Thu Sep 6 15:11:25 UTC 2001
Hey guys, I was wondering if anyone could give me a tad bit of advice on
this. Basically I got an old i586 I'm setting up as a router/firewall
between my cable modem and my regular machine. I'm using ipchains (should I
be using ipchains with 2.4 kernel or should I go for iptables?) to do the
routing/firewalling. Well actually I figured that I would try to do the
routing part first, then try the firewalling part. Well I'm stuck on the
routing part.
Machine 1: eth0 ---> connected to the cable modem with the 24.x.x.x ip addy,
works great. eth1 ---> assigned ip addy of 192.168.0.1 as my gateway for
the other pc.
Machine 2: eth0 ---> connected to eth1 on the gateway pc.
I hooked them together ok, they can ping each other, and I can SSH into the
gateway from work, then ssh again into the internal pc so the connection is
ok.
My problem is that I can't get the router to masquerade packets from the
other pc without setting the forward policy to MASQ:
/sbin/ipchains -P forward MASQ
If I do that command, everything works fine, but I don't want to just set
the forward policy to masq and then let it run, I want to just set it up so that
it will only masq stuff from eth1, but when I try this:
/sbin/ipchains -A forward -j MASQ -i eth1 -s 192.168.0.0/24
then it doesn't work. Any insight on what I'm doing wrong here? I suppose
I can just set up the default forward chain to MASQ, but that just doesn't
sound very secure. I'd rather set it to DENY and then only MASQ packets
coming from my regular internal machine.
Clues, hints, anyone?
-dave
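
Added example, not part of the original post: on the ipchains forward chain, `-i` matches the interface a packet will leave by, so a default-DENY forward policy with masquerading limited to the LAN names the external interface (eth0 in the post) and selects the LAN with `-s`. The iptables form for a 2.4 kernel is included; the function names and the APPLY and FW variables are assumptions of this example.

```shell
#!/bin/sh
# Default-deny forwarding, masquerading only the internal subnet.
# Interface names and the subnet are taken from the post above.
EXT_IF=${EXT_IF:-eth0}      # cable-modem side
INT_IF=${INT_IF:-eth1}      # LAN side (192.168.0.1)
LAN=${LAN:-192.168.0.0/24}
APPLY=${APPLY:-0}           # 0 = print the commands, 1 = run them (as root)

run() {
    if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi
}

# ipchains: forward-chain -i is the OUTGOING interface, so name the
# external side and pick out LAN traffic by source address.
# Replies are demasqueraded on input and do not need a forward rule.
masq_ipchains() {
    run /sbin/ipchains -P forward DENY
    run /sbin/ipchains -F forward          # drops any existing forward rules
    run /sbin/ipchains -A forward -i "$EXT_IF" -s "$LAN" -j MASQ
}

# iptables (2.4): filtering and NAT live in separate tables, and replies
# do cross FORWARD, so they are admitted by connection state.
masq_iptables() {
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN" -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN" -j MASQUERADE
}

enable_forwarding() {
    if [ "$APPLY" = 1 ]; then echo 1 > /proc/sys/net/ipv4/ip_forward
    else echo "echo 1 > /proc/sys/net/ipv4/ip_forward"; fi
}

firewall() {   # $1 = ipchains | iptables
    case "$1" in
        ipchains) masq_ipchains ;;
        iptables) masq_iptables ;;
        *) echo "usage: firewall ipchains|iptables" >&2; return 2 ;;
    esac && enable_forwarding
}

firewall "${FW:-ipchains}"
```

With APPLY unset the script only prints the commands it would run, so the rule set can be reviewed before it is applied.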