[1908] in linux-security and linux-alert archive
[linux-security] Re: Ethernet card addr <-> IP
daemon@ATHENA.MIT.EDU (Szymon Juraszczyk)
Fri Jun 19 07:16:14 1998
Date: Fri, 19 Jun 1998 09:19:49 +0200 (CEST)
From: Szymon Juraszczyk <jorgus@t19.ml.org>
To: Jon Lewis <jlewis@inorganic5.fdt.net>
cc: Richard Hakim <richard@kokoro.com>, linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.95.980617172040.723U-100000@tarkin.fdt.net>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Wed, 17 Jun 1998, Jon Lewis wrote:
> [ ... ]
>
> Here's another IP Masq question. Has anyone ever setup a Masq gateway
> such that depending on the remote address, either masquerading or routing
> is done? I think I can do this by having accept forwarding rules for a
> few remote destinations and a masq rule for all others (0.0.0.0/0).
> Shouldn't be a problem...I just wonder if it's been done.
>
In my network masquerading is set up exactly the way you propose and it works
fine. Packets are masqueraded at backbone routers only if they are going
outside the local network. Routes to 192.168. subnets are broadcasted with
high metric, so they don't get outside.
Greetings,
__
__ / /__ _______ ___ ___/_ Szymon Juraszczyk, e-mail: jorgus@t19.ml.org
/ // / _ \/ __/ _ / // (_-< Network administrator in DS T-19, Wroclaw, Poland
\___/\___/_/ \_, /\_,_/___/ Student of Software Engineering at
/___/ Wroclaw University of Technology
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null