
Re: NAT and Masquerading



At 09:49 AM 3/11/99 +0200, Vadim Smelyansky wrote:
>
>	telnet, hmm... why not at least ssh? Or do you have SSLeay telnetd
>installed?

Well, these are not Unices; actually, some of them are not even computers.

>	I think you can do this without a patch:
>just make an alias of the external interface (i.e. eth0:0) and assign to it
>the address which you want to map to a certain host; after that just indicate
>ipfwadm -F -a accept -m -S <internal host> -V <external addr map to>
>or
>ipfwadm -F -a accept -m -S <internal host-1> -b -W eth0:0
>ipfwadm -F -a accept -m -S <internal host-2> -b -W eth0:1
>ipfwadm -F -a accept -m -S <internal host-3> -b -W eth0:2
>...
>ipfwadm -F -a accept -m -S <internal host-n> -b -W eth0:n
>
>Of course, for each host you need one such record. It does not use a pool of
>addresses and has the addresses hardcoded in the firewall rules, but it is also
>a solution. Of course, it is IMHO, and I am not sure it is suitable for you.
>
Ok, that's more or less what I'm doing. Somehow I've reached about
6-8 rule records per host/port - input/output/forward chains, static NAT
rules, aliasing record. 

/sbin/ipchains -P forward DENY
.......

/sbin/ifconfig eth1:1 <virtual address>
/sbin/ipnatadm -O -i -W eth1 -S <internal host> -M <virtual address>
/sbin/ipnatadm -I -i -W eth1 -D <virtual address> -N <internal host>
/sbin/ipchains -A forward -i eth1 -s <internal host> -j ACCEPT
/sbin/ipchains -A forward -i eth0 -d <internal host> -j ACCEPT
... some ipchains input/output allow/deny rules.. 
......
/sbin/ipchains -A forward -i eth1 -j MASQ	# for all other hosts

>
>--
>Vadim Smelyansky (AKA Proglot) cellular:+972-53-876933
>Wide Networking Solutions Ltd., Yokneam, 20692, Israel
>

Best Regards
Shimon Lisyansky
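
The per-host rule set described in the message above, generated from a mapping list so that the default-deny policy always comes first and the catch-all MASQ rule always comes last. This is an added example, not part of the original thread; the command templates and interface names are copied from the message, while the function names and the "internal_ip virtual_ip" input format are assumptions.

```shell
#!/bin/sh
# Added example: prints (never runs) the per-host rules shown in the message.
# Command templates and eth0/eth1 roles are copied from the post; the input
# format "internal_ip virtual_ip" per line is an assumption of this sketch.

valid_ipv4() {
    # Dotted quad, every octet numeric and <= 255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if (($i !~ /^[0-9]+$/) || ($i > 255)) exit 1 }'
}

gen_static_nat() {
    nl='
'
    n=1
    seen=" "
    rules="/sbin/ipchains -P forward DENY"      # default-deny comes first
    while read -r internal virtual; do
        case "$internal" in ''|'#'*) continue ;; esac   # blank line or comment
        if ! valid_ipv4 "$internal" || ! valid_ipv4 "$virtual"; then
            echo "bad address pair: $internal $virtual" >&2
            return 1
        fi
        # One address must not appear in two mappings, in either role.
        case "$seen" in *" $internal "*|*" $virtual "*)
            echo "address reused: $internal $virtual" >&2
            return 1 ;;
        esac
        seen="$seen$internal $virtual "
        rules="$rules$nl/sbin/ifconfig eth1:$n $virtual"
        rules="$rules$nl/sbin/ipnatadm -O -i -W eth1 -S $internal -M $virtual"
        rules="$rules$nl/sbin/ipnatadm -I -i -W eth1 -D $virtual -N $internal"
        rules="$rules$nl/sbin/ipchains -A forward -i eth1 -s $internal -j ACCEPT"
        rules="$rules$nl/sbin/ipchains -A forward -i eth0 -d $internal -j ACCEPT"
        n=$((n + 1))
    done
    # Catch-all masquerading goes last so static mappings match first.
    rules="$rules$nl/sbin/ipchains -A forward -i eth1 -j MASQ"
    printf '%s\n' "$rules"
}

# Usage: gen_static_nat < mappings.txt > rules.sh   (review before running)
```

Nothing is printed unless every mapping validates, so a typo in one address cannot leave a half-built rule file behind.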