TCLUG Archive

Re: [TCLUG:10864] IP Masquerading



Thanks much...I'll do that....

I'm prolly going to rewire the office tonight (just find the wires that need
to be separated into their respective subnet groups...)

Then tomorrow I'll start working on reconfiguring the Firewall/Bridge...

Hopefully, this scheme should be easier to implement in the long run than
what I've got 'right now'.  I pray that it is, I so much want to get this
firewall in place....

Brian
----- Original Message -----
From: ^chewie <chewie@wookimus.net>
To: <tclug-list@mn-linux.org>
Sent: Friday, December 10, 1999 12:22 PM
Subject: Re: [TCLUG:10864] IP Masquerading


> Scott (dieman) wrote:
> > > I would suggest a different approach.  Have a box with three
> > > interfaces, One to the outside world, one to your "internet
> > > servers", and one to your "clients".  (add a fourth if you want to
> > > firewall the "servers" away from the "clients" on top of the
> > > "outside world" and the "internet servers") Now mind you, keep this
> > > all PCI and on a decent box, 'cause it's gonna have a ton of ipchains
> > > rules to parse per packet.
>
> On Fri, 10 Dec 1999, Brian J. Ackermann wrote:
> > I brought this idea to my boss, and he loved it.  I convinced him to
> > modify our topology, so all our servers on the 205 subnet are on one
> > hub, the 192 subnet on a second, and the world off the third.
> >
> > I'm pumped....
> >
> > Maybe I can get this Firewall up and running, now that I'll have a
> > 'normal' topology to deal with....
>
> I believe you will need to do a combination of the Bridging package to
> forward requests to the 205 subnet from the secure gateway and IP
> masquerading to forward to the 192 subnet.  IP Masquerading does not
> route very well.  Instead it does Network Address Translation,
> translating a public IP address to a private one.  Bridging, on the
> other hand, connects two subnets together and allows filtering.  I'm not
> really up to date on this, but I'm thinking of implementing the same
> topology here.
>
> Look for: Bridging+Firewall-HOWTO.txt.gz and IP-Chains-HOWTO.txt.gz for
> more information.
>
> ----------------------------------------------------------------
> Chad Walstrom                         mailto:chewie@wookimus.net
> a.k.a ^chewie, gunnarr               http://wookimus.net/~chewie
>
>    Gnupg = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
> ----------------------------------------------------------------