TCLUG Archive
Re: [TCLUG:10864] IP Masquerading
On Fri, 10 Dec 1999, ^chewie wrote:
> On Fri, 10 Dec 1999, Brian J. Ackermann wrote:
> > I brought this idea to my boss, and he loved it. I convinced him to
> > modify our topology, so all our servers on the 205 subnet are on one
> > hub, the 192 subnet on a second, and the world off the third.
> >
> > I'm pumped....
> >
> > Maybe I can get this Firewall up and running, now that I'll have a
> > 'normal' topology to deal with....
> Look for: Bridging+Firewall-HOWTO.txt.gz and IP-Chains-HOWTO.txt.gz for
> more information.
Definitely you'll have to do some sort of routing to the 205 subnet.
I suggest adding static arp routes and do a proxyarp type thing. Works
for me nicely with DSL here.
IE:
dsl -> gateway/proxyarp -> my box
so dsl asks for ip whatever and the proxyarp says: that's me! and gives
out its mac address for that ip, in turn a firewall rule says to move
packets from eth0 for that ip to eth1 for that ip.
other way around, use the gateway for the default route. set up a rule so
eth1 packets from that ip go out over eth0
mmmm. routing when you're not allowed to tell the gateway upstream who to
route to.
---
Scott Dier <dieman@ringworld.org> #nicnac@efnet 612.301.0265
destiny's admin | The first thing we do,
http://www.ringworld.org | let's kill all the lawyers.
finger me for gnupg/pgp key | -- Wm. Shakespeare, "Henry VI"
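
Added example, not part of the original post: the proxy-ARP gateway described above, written with current iproute2 and iptables commands rather than the tools of 1999. The interface roles (eth0 toward the DSL side, eth1 toward the inside box) follow the post; the 192.0.2.x address, the function names and the default-drop policy are assumptions.

```sh
#!/bin/sh
# Added example: prints (does not run) the commands for a proxy-ARP gateway.
# Assumed layout, as in the post: eth0 faces the DSL side, eth1 the inside box.

# Accept only dotted-quad IPv4 so nothing else reaches the generated commands.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# usage: proxyarp_plan OUTSIDE_IF INSIDE_IF IP...
proxyarp_plan() {
    outside=$1; inside=$2; shift 2
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    # Proxy ARP replies are only sent when forwarding is on.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for ip in "$@"; do
        # Answer ARP for this one address on the outside segment ("that's me").
        echo "ip neigh add proxy $ip dev $outside"
        # Host route: the address really lives behind the inside interface.
        echo "ip route add $ip/32 dev $inside"
        # Forward only this address between the two interfaces.
        echo "iptables -A FORWARD -i $outside -o $inside -d $ip -j ACCEPT"
        echo "iptables -A FORWARD -i $inside -o $outside -s $ip -j ACCEPT"
    done
    # Assumption, not in the post: drop everything not explicitly allowed.
    echo "iptables -P FORWARD DROP"
}

# Constructed sample address from the documentation range 192.0.2.0/24.
proxyarp_plan eth0 eth1 192.0.2.10
```

The inside box uses the gateway as its default route, as the post says. Review the printed commands before running them as root.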