IP Masq and software various

[Chris Watt <grimm mad scientist com>]

	I am just (barely) coming to understand ipfwadm and ip masquerading, but
I've come up with a couple of questions I don't seem to be able to find the
answers to in documents. If anyone on this list can enlighten me I'd
appreciate it tremendously (RTFM's welcome if specific).

1. Imagine I have a firewall/masq system sitting between my PC and the rest
of the internet. I want to run Internet Doodad 98, which I know functions
by listening for (and establishing) connections on port 9191.
	Any system "inside" the firewall can talk to my PC on one of the reserved
addresses say 192.168.68.9, but Doodad 98 cannot (initially) accept
connections from outside the firewall. Since Doodad 98 is fairly safe and
harmless, I think it would be nice to let it communicate over the internet,
so I cleverly do something with ipfwadm(?) on the firewall system and
suddenly anything which attempts to communicate with the firewall on port
9191 is actually talking to my pc (which thinks it's talking to the
firewall). Sounds great, anybody know what the clever thing to do is?

2. On a standalone system, I want to automatically reject (or deny, BTW
could someone explain the difference to me sometime when you're not busy)
all packets coming out of 207.46.0.0/255.255.0.0
I do that, but then I suddenly discover (gasp) that I actually have a
friend at microsoft, and I want to be able to communicate with his machine
in the 207.46.131 subnet. I add another rule to accept packets from his
address, should I use "-a accept" or "-i accept" and why?

--

Smith & Wesson, the original point & click interface