Firewalls: Re: NAT on linux firewall?

Firewalls
(June 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: NAT on linux firewall?
From:	Bernd Eckenfels <lists @ lina . inka . de>
Date:	Wed, 4 Jun 1997 01:12:10 +0200
To:	David Lang <dlang @ diginsite . com>
Cc:	firewalls @ greatcircle . com
In-reply-to:	<199706031744 . KAA06986 @ mail . diginsite . com>; from David Lang on Tue, Jun 03, 1997 at 09:45:44AM -0700
References:	<199706031744 . KAA06986 @ mail . diginsite . com>

Hello,

On Jun 3, David Lang wrote
> for each web site do the following:
> setup the alias
> 
> ifconfig eth0:2 200.200.200.2

You don't need that Aliasdevice, it's enough (much better) to use Proxy Arp
with the following single command:

arp -s 200.200.200.0 xx:xx:xx:xx:xx netmask 255.255.255.0 pub
(with xx:xx:xx:xx:xx:xx beeing the ethernet address of your network card).

> setup an input firewall filter (I created a file rc.fw that I run after
> rc.inet1)

instead you can use a modified transproxy or netcat.. humm.. will look into
this. 

I think with iproute and 2.1 kernels you can do the same thing:
iproute addrule to 200.200.200 nat 100.100.100 

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels @
 Wittumstrasse13 .
 76646Bruchsal .
 de --
 ( .. )  ecki @
 {inka .
 de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes @
 irc  +4972573817  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy

References:

NAT on linux firewall?
From: "David Lang" <dlang @ diginsite . com>

Indexed By Date	Previous:	Secure Pop3? From: Warpy <warpy @ null . net>
Indexed By Date	Next:	Re: NAT on linux firewall? From: Bernd Eckenfels <lists @ lina . inka . de>
Indexed By Thread	Previous:	NAT on linux firewall? From: "David Lang" <dlang @ diginsite . com>
Indexed By Thread	Next:	Re: NAT on linux firewall? From: Bernd Eckenfels <lists @ lina . inka . de>