[1913] in linux-security and linux-alert archive
[linux-security] Re: Ethernet card addr <-> IP
daemon@ATHENA.MIT.EDU (Peter H. Lemieux)
Sat Jun 20 03:17:41 1998
Date: Fri, 19 Jun 1998 10:32:18 -0400 (EDT)
From: "Peter H. Lemieux" <phl@cyways.com>
To: Jon Lewis <jlewis@inorganic5.fdt.net>
cc: linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.95.980617172040.723U-100000@tarkin.fdt.net>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Wed, 17 Jun 1998, Jon Lewis wrote:
> Here's another IP Masq question. Has anyone ever set up a Masq gateway
> such that depending on the remote address, either masquerading or routing
> is done? I think I can do this by having accept forwarding rules for a
> few remote destinations and a masq rule for all others (0.0.0.0/0).
> Shouldn't be a problem...I just wonder if it's been done.

In many cases we've needed to write a forward/nomasq rule for routers that
handle both internal and external traffic like this:

    ipfwadm -F -a accept -S 172.25.0.0/16 -D 172.25.0.0/16 -P all -b
    ipfwadm -F -a accept -m -S 172.25.0.0/16 -D 0/0 -P all -b

Otherwise the internal traffic gets masqueraded.

Peter
-----
Peter H. Lemieux, President
CYWAYS, Incorporated
21 Westchester Road, Newton, Massachusetts 02158 USA
Voice: (800) 5-CYWAYS (+1 617 796 8995)
Fax: (617) 796-8997
Web: http://www.cyways.com
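
Added example, not part of the original message: a small Python model of the two forwarding rules above, showing why the internal-to-internal accept rule has to come before the masquerade rule. It assumes first-match evaluation in the order the rules were appended and a default forwarding policy of deny; the sample addresses, the "masq" label for `accept -m`, and the function names are constructed for illustration.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("172.25.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")

# (action, source net, destination net, bidirectional), in the order the two
# "ipfwadm -F -a" (append) commands add them. "masq" stands for "accept -m".
RULES = [
    ("accept", INTERNAL, INTERNAL, True),  # route internal traffic as-is
    ("masq", INTERNAL, ANY, True),         # masquerade everything else
]

# Constructed sample flows: internal-to-internal, internal-to-external,
# and transit traffic that belongs to neither rule.
FLOWS = [
    ("172.25.1.10", "172.25.2.20"),
    ("172.25.1.10", "198.51.100.7"),
    ("192.0.2.5", "203.0.113.9"),
]


def matches(rule, src, dst):
    """True if the flow matches the rule; -b also matches the reverse direction."""
    _, s_net, d_net, bidir = rule
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    forward = s in s_net and d in d_net
    reverse = bidir and d in s_net and s in d_net
    return forward or reverse


def decide(rules, src, dst, default="deny"):
    """Return the action of the first matching rule (assumed first-match model)."""
    for rule in rules:
        if matches(rule, src, dst):
            return rule[0]
    return default  # assumed default forwarding policy


def evaluate(rules, flows):
    """Map each (src, dst) flow to the action the rule list gives it."""
    return {flow: decide(rules, *flow) for flow in flows}


if __name__ == "__main__":
    variants = (("both rules, as posted", RULES),
                ("masq rule only", RULES[1:]),
                ("rules reversed", RULES[::-1]))
    for label, rules in variants:
        print(label)
        for (src, dst), action in evaluate(rules, FLOWS).items():
            print(f"  {src:>13} -> {dst:<13} {action}")
```

With the masq rule alone, or with the two rules in the opposite order, the internal-to-internal flow falls through to the 0/0 match and is masqueraded.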