Re: NAT and Masquerading
On Thu, 11 Mar 1999, Semion Lisyansky wrote:
SL>Now suppose that a few of the hosts on your private net need to
SL>be accessed from the Internet - not only one WWW and one
SL>FTP, so you couldn't use the port mapping and redirection
SL>technique, but some more hosts providing the same service.
Why not just assign real addresses to these hosts? I don't
understand what you want to do NAT for.
SL>In my case that's about 10 hosts needed to be accessed on
SL>tcp port 23. In this case I would prefer to link them statically
Telnet, hmm... why not at least ssh? Or do you have SSLeay telnetd
installed?
SL>What I need is to combine both these techniques - one
SL>of the dynamic techniques (preferably IP Masq) and the static one.
I think you can do this without a patch.
Just make an alias of the external interface (i.e. eth0:0) and assign to it the
address which you want to map to a certain host; after that just indicate
ipfwadm -F -a accept -m -S <internal host> -V <external addr map to>
or
ipfwadm -F -a accept -m -S <internal host-1> -b -W eth0:0
ipfwadm -F -a accept -m -S <internal host-2> -b -W eth0:1
ipfwadm -F -a accept -m -S <internal host-3> -b -W eth0:2
...
ipfwadm -F -a accept -m -S <internal host-n> -b -W eth0:n
Of course, for each host you need one such record. It does not use a pool of
addresses and has the addresses hardcoded in the firewall rules, but it is also
a solution. Of course it is IMHO and I am not sure it is suitable for you.
--
Vadim Smelyansky (AKA Proglot) cellular:+972-53-876933
Wide Networking Solutions Ltd., Yokneam, 20692, Israel