TCLUG Archive

Re: [TCLUG:10864] IP Masquerading



On Fri, 10 Dec 1999, ^chewie wrote:

> On Fri, 10 Dec 1999, Brian J. Ackermann wrote:
> > I brought this idea to my boss, and he loved it.  I convinced him to
> > modify our topology, so all our servers on the 205 subnet are on one
> > hub, the 192 subnet on a second, and the world off the third.
> > 
> > I'm pumped....
> > 
> > Maybe I can get this Firewall up and running, now that I'll have a
> > 'normal' topology to deal with....

> Look for: Bridging+Firewall-HOWTO.txt.gz and IP-Chains-HOWTO.txt.gz for
> more information.

Definitely you'll have to do some sort of routing to the 205 subnet.

I suggest adding static arp routes and doing a proxyarp type thing.  Works
for me nicely with DSL here.

IE: 

dsl -> gateway/proxyarp -> my box

so dsl asks for ip whatever and the proxyarp says: that's me!  and gives
out its mac address for that ip, in turn a firewall rule says to move
packets from eth0 for that ip to eth1 for that ip.

other way around, use the gateway for the default route.  set up a rule so
eth1 packets from that ip go out over eth0

mmmm. routing when you're not allowed to tell the gateway upstream who to
route to.

---
Scott Dier <dieman@ringworld.org> #nicnac@efnet 612.301.0265
      destiny's admin       | The first thing we do,
 http://www.ringworld.org   |  let's kill all the lawyers.
finger me for gnupg/pgp key |   -- Wm. Shakespere, "Henry VI"
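
Added example, not part of the original post: a dry-run planner for the proxy-ARP gateway described above, written with current iproute2/iptables commands rather than the ipchains of the HOWTOs. The interface names (eth0 toward the DSL side, eth1 toward the inside box), the function names and the 203.0.113.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dry-run planner for a proxy-ARP gateway.
# Prints the commands; with APPLY=1 (as root) it also runs them.

valid_ipv4() {
    # Dotted quad with every octet in 0..255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

proxyarp_plan() {
    outside=$1; inside=$2
    [ "$#" -ge 3 ] || { echo "usage: proxyarp_plan OUT_IF IN_IF IP..." >&2; return 2; }
    shift 2
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    run sysctl -w net.ipv4.ip_forward=1
    for ip in "$@"; do
        # Host route: the gateway reaches this address on the inside wire.
        run ip route add "$ip/32" dev "$inside"
        # Answer ARP for this one address on the outside wire ("that's me!").
        run ip neigh add proxy "$ip" dev "$outside"
        # Forward only this host's traffic between the two interfaces.
        run iptables -A FORWARD -i "$outside" -o "$inside" -d "$ip" -j ACCEPT
        run iptables -A FORWARD -i "$inside" -o "$outside" -s "$ip" -j ACCEPT
    done
}

# Constructed sample values: eth0 faces the DSL side, eth1 the inside box.
proxyarp_plan eth0 eth1 203.0.113.10
```

Listing each proxied address explicitly keeps the gateway from answering ARP for addresses it does not front, which the blanket proxy_arp sysctl would not.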