
RE: Firewall + NAT



Mohamedou,

Maybe if I plug in some IP addresses, I can make things clearer for
you.

All External IPs allocated to me by ISP.
123.123.123.1 to 123.123.123.16

I have internal IPs of 231.231.231.1 to 231.231.231.254
server = 231.231.231.4



Now assuming that I have a router, external ip = 123.123.123.1 
and my Linux Firewall is 123.123.123.2 (extIP) and 231.231.231.1(intIP)

Now, I wish to set a static IP to my server.
eg Assign server (231.231.231.4) to 123.123.123.4
(setting the static 1:1 NAT is no problem)

--this part is the one that I am stumped at--
then, there's the PCs. 
I wish to set a pool of 231.231.231.5 - 231.231.231.254 
NATed to external IPs 123.123.123.5 - 123.123.123.16

Clear?

David.

-----Original Message-----
From: mohamedou [mailto:mohamedou bits mr]
Sent: Wednesday, 28 February, 2001 8:16 PM
To: redhat-install-list redhat com
Subject: Re: Firewall + NAT


Hi CCC,

Give the following command on the prompt:

echo 1 > /proc/sys/net/ipv4/ip_forward
ipfwadm-wrapper -F -p deny
ipfwadm-wrapper -F -a m -S 10.10.10.0/24 -D 0.0.0.0/0

Assuming your box has two eths (1-private and 1-good address).
Your internal network is 10.10.10.0 netmask 255.255.255.0.

For me it works fine.

Put these commands in /etc/inittab, in order to execute them automatically
at the start!
----- Original Message ----- 
From: "CHAN Chow Chin, David" <ccchan my ncs-i com>
To: <redhat-install-list redhat com>
Sent: Wednesday, February 28, 2001 10:06 AM
Subject: Firewall + NAT


> Hey Leonard den Ottolander and Karl L.Pearson,
> 
> Sorry for disturbing.. I was wondering if you can give
> me some pointers on how to configure a Linux box as a firewall???
> I've read docs on IPMASQ, IPCHAINS and IPROUTE2 but I 
> didn't find anything on what I am looking for. 
> 
> Basically, what I want it to do is to take over the router's NAT job. 
> I am hoping that I can set it up together with ipfiltering. 
> My problem is, in the Cisco router, you can nat a range of internal IPs
> to a range of external ips. I am really stumped. I really can't find
> any docs that I have read about exactly how to implement this.
> Can you guys help me out?
> 
> 
> Clueless,
> David Chan
> 
> --------= End Transmission =---------
> David Chan Chow Chin
> Systems Engineer
> NCSI (Malaysia) Sdn Bhd
> 601D Level 6, Tower D Uptown 5
> 5 Jalan SS21/39, Damansara Uptown
> 47400 Petaling Jaya
> Selangor Darul Ehsan, Malaysia
> Tel: 603-77256878 Ext 126
> Fax: 603-77256898
> e-mail: ccchan my ncs-i com
> 
> 
> 
> 
> _______________________________________________
> Redhat-install-list mailing list
> Redhat-install-list redhat com
> https://listman.redhat.com/mailman/listinfo/redhat-install-list
> 
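
The layout David describes (one static 1:1 mapping plus a pool of PCs sharing a range of external addresses), sketched as an added example that is not part of the thread. It assumes iptables (netfilter) rather than the ipfwadm tools used above and `eth0` as the external interface; the function names are illustrative.

```sh
#!/bin/sh
# Added example: prints (does not apply) iptables NAT rules for the
# addresses in David's message. Assumed, not from the thread: iptables
# is in use and eth0 is the firewall's external interface.
EXT_IF="eth0"
SERVER_INT="231.231.231.4"
SERVER_EXT="123.123.123.4"
POOL_INT="231.231.231.5-231.231.231.254"
POOL_EXT="123.123.123.5-123.123.123.16"

# Convert a dotted quad to an integer so ranges can be compared.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_range IP LOW-HIGH: succeed when IP lies inside the range.
in_range() {
    ip=$(ip_to_int "$1")
    lo=$(ip_to_int "${2%-*}")
    hi=$(ip_to_int "${2#*-}")
    [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
}

build_nat_rules() {
    # The server's 1:1 address must stay out of the shared pool, or PC
    # traffic could leave with the server's public address.
    if in_range "$SERVER_EXT" "$POOL_EXT"; then
        echo "error: $SERVER_EXT overlaps pool $POOL_EXT" >&2
        return 1
    fi
    # Static 1:1 NAT for the server: DNAT inbound, SNAT outbound.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $SERVER_EXT -j DNAT --to-destination $SERVER_INT"
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $SERVER_INT -j SNAT --to-source $SERVER_EXT"
    # 250 PCs share 12 public addresses, so this is many-to-few: the
    # kernel picks an address from the range and remaps ports as needed.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -m iprange --src-range $POOL_INT -j SNAT --to-source $POOL_EXT"
}

build_nat_rules
```

Return traffic only reaches the firewall if the upstream router delivers 123.123.123.4 to 123.123.123.16 to it (by routing or address aliases on the external interface), which the script does not set up.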



