
Re: ipmasq diald and mail




Erez Doron wrote:

>  I'm trying to configure my linux-box (RedHat4.2, 2.0.33) as a server.
> 
> my net is :
> 
> local net
> (192.9.200.x)
>     |
>     |      ------          ------------
>     |     |Linux |        | ISP with   |
>     |-----|Box   |--------| Dynamic-IP |---- internet
>     |     |192.9.|        | via PPP    |
>     |     |200.7 |        |            |
>     |      ------          ------------

Have you been allocated the 192.9.200.* network? If you haven't, then
you shouldn't use those addresses. The appropriate address ranges for
`private' networks are:

	Class  Netmask         Network Addresses              
	A      255.0.0.0       10.0.0.0    - 10.255.255.255   
	B      255.255.0.0     172.16.0.0  - 172.31.255.255   
	C      255.255.255.0   192.168.0.0 - 192.168.255.255  

> I'm trying to build my linux box as a firewall
> It should connect to the internet via PPP using diald
> ( I've already configured diald successfully )
> I'm trying to use squid as a proxy and either
> sendmail or qmail as mail server ( which is better ?
> easier to config ? safer ? )

Which is `better' is largely a point of view.

qmail is easier to configure, and I'm told that it handles large
mailing lists better.

sendmail is more flexible, more robust, more mature and far more
widely used.

> I've read the ipmasq mini HOWTO but still have trouble
> to understand more than the basics of ip-masq.
> ( to what ports does it redirect inside computers,

It doesn't (unless you're talking about transparent proxying, in which 
case you specify the ports).

>   how does it know who is inside the firewall and who
>   is outside. what parameters do i use with ipfwadm )
> I have a basic idea of ipfwadm, but only for non ip-masq
> purposes. ( -I -O and -F ).

Masquerading is an option on forwarding rules. You would typically use 
something like:

	ipfwadm -Fma accept -S 192.9.200.0/24

which will forward and masquerade any packets with a source address in
the 192.9.200.* network. Any packet that is a reply to a masqueraded
packet will be de-masqueraded and forwarded automatically.

-- 
Glynn Clements <glynn@sensei.co.uk>
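
Added example, not part of the original message: a small Python model of the behaviour described above, where the forwarding rule's source match decides what gets masqueraded and a per-connection table decides which incoming packets are replies. The class name, the external address 203.0.113.5, the remote hosts and the starting port 61000 are assumptions made for illustration.

```python
import ipaddress

class Masquerader:
    """Toy model of a masquerading forward rule and its connection table."""

    def __init__(self, inside_net, external_ip, first_port=61000):
        self.inside = ipaddress.ip_network(inside_net)  # the -S match of the rule
        self.external_ip = external_ip                  # constructed PPP-side address
        self.next_port = first_port                     # assumed start of the port pool
        self.out = {}   # (proto, src_ip, src_port, dst_ip, dst_port) -> masq port
        self.back = {}  # (proto, masq_port, remote_ip, remote_port) -> (src_ip, src_port)

    def forward(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outbound packet: rewrite the source only if the rule's source match hits."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            return None  # this rule does not apply; other rules/policy decide
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            # First packet of a connection: allocate a port and remember the mapping.
            self.out[key] = self.next_port
            self.back[(proto, self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (proto, self.external_ip, self.out[key], dst_ip, dst_port)

    def reply(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inbound packet: de-masquerade only if it answers a table entry."""
        if dst_ip != self.external_ip:
            return None
        inner = self.back.get((proto, dst_port, src_ip, src_port))
        if inner is None:
            return None  # unsolicited: no entry, so it is not forwarded inside
        return (proto, src_ip, src_port, inner[0], inner[1])

def demo():
    """Run constructed sample packets through the model and return the results."""
    m = Masquerader("192.9.200.0/24", "203.0.113.5")
    sent = m.forward("tcp", "192.9.200.12", 1025, "198.51.100.80", 80)
    answer = m.reply("tcp", "198.51.100.80", 80, "203.0.113.5", sent[2])
    stray = m.reply("tcp", "198.51.100.99", 80, "203.0.113.5", sent[2])
    return sent, answer, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```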