At 04:36 PM 8/27/97 +0200, you wrote:
>I've got an ugly windows nt with a database and a web server
>I'm thinking about protecting it and its internal network
>with a linux. There will be a firewall, proxying the
>internal queries (www, etc) to the internet.
>The problem is that the nt holds CGIs written in visual
>basic. My intention is masquerading the network and
>adding rules in the linux box for letting access to
>the nt web server inside.
>internet ---- fw ------- internal net masqueraded
> nt web server masqueraded
>Is that possible ?
>Another idea is to configure squid listening on port 80
>of the firewall and passing the requests to the nt server
>inside. What about this ?
I haven't worked with Linux IP masquerading for about 6 months so I don't know
if it has changed, but masquerading will not allow connections originating
from outside the firewall at all, so it does you no good if you want to run
daemons on a masqueraded machine. Some other network apps don't work well
with masquerading, such as internet games or anything else where you would
want to listen for connections, like PowWow and ICQ. As of the last time I
used IP masquerading, UDP packets did not work as well.