[1913] in linux-security and linux-alert archive

[linux-security] Re: Ethernet card addr <-> IP

daemon@ATHENA.MIT.EDU (Peter H. Lemieux)
Sat Jun 20 03:17:41 1998

Date: Fri, 19 Jun 1998 10:32:18 -0400 (EDT)
From: "Peter H. Lemieux" <phl@cyways.com>
To: Jon Lewis <jlewis@inorganic5.fdt.net>
cc: linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.95.980617172040.723U-100000@tarkin.fdt.net>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Wed, 17 Jun 1998, Jon Lewis wrote:

> Here's another IP Masq question.  Has anyone ever set up a Masq gateway
> such that depending on the remote address, either masquerading or routing
> is done?  I think I can do this by having accept forwarding rules for a
> few remote destinations and a masq rule for all others (0.0.0.0/0).
> Shouldn't be a problem...I just wonder if it's been done.

In many cases we've needed to write a forward/nomasq rule for routers that
handle both internal and external traffic like this:

ipfwadm -F -a accept    -S 172.25.0.0/16  -D 172.25.0.0/16 -P all -b
ipfwadm -F -a accept -m -S 172.25.0.0/16  -D 0/0           -P all -b

Otherwise the internal traffic gets masqueraded.  

Peter


-----

Peter H. Lemieux, President
CYWAYS, Incorporated
21 Westchester Road, Newton, Massachusetts 02158 USA
Voice:  (800) 5-CYWAYS (+1 617 796 8995)
Fax:    (617) 796-8997
Web:    http://www.cyways.com
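
Added example, not part of the message above and not ipfwadm's own code: a simplified first-match model of the forward chain, showing why the plain accept rule has to come before the masquerade rule. The names Rule and decide, the default "deny" outcome, and the sample addresses are assumptions made for illustration; the same model covers the quoted question if the accept rule's destination is a remote network instead.

```python
# Simplified model of a first-match forwarding chain (assumption: the first
# matching rule decides, and unmatched packets fall to a default of "deny").
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    masq: bool = False          # models the "-m" flag
    bidirectional: bool = True  # models the "-b" flag

    def matches(self, src, dst):
        s, d = ip_network(self.src), ip_network(self.dst)
        forward = src in s and dst in d
        reverse = self.bidirectional and dst in s and src in d
        return forward or reverse

def decide(rules, src, dst, default="deny"):
    """Return 'route', 'masq', or the default, using the first matching rule."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(src, dst):
            return "masq" if rule.masq else "route"
    return default

INTERNAL = "172.25.0.0/16"
# The two rules from the message, in the order given.
AS_POSTED = [Rule(INTERNAL, INTERNAL), Rule(INTERNAL, "0.0.0.0/0", masq=True)]
# Only the masquerade rule: the case the message warns about.
MASQ_ONLY = [Rule(INTERNAL, "0.0.0.0/0", masq=True)]
# Same two rules with the masquerade rule first: the accept rule is never reached.
REVERSED = list(reversed(AS_POSTED))

if __name__ == "__main__":
    flows = [("172.25.1.10", "172.25.2.20"),  # internal -> internal (constructed)
             ("172.25.1.10", "192.0.2.80")]   # internal -> external (constructed)
    for name, rules in [("as posted", AS_POSTED), ("masq only", MASQ_ONLY),
                        ("reversed", REVERSED)]:
        for src, dst in flows:
            print(f"{name:10} {src} -> {dst}: {decide(rules, src, dst)}")
```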
