you could also run a plug-proxy on the gateway machine that would forward the traffic on port 80 to the office server.
"Perry" <perry @
Date: Wed, 18 Mar 1998 18:00:55 -0500 (EST)
Date: Tue, 17 Mar 1998 09:34:57 -0500 (EST)
]From: ccurtis @
Subject: Re: IP masquerading under linux
On Thu, 12 Mar 1998 firewall @
> I have a small ISP and one of our customers who uses IDSN to connect to
> wants to have a web server in his office, but keep using the ISDN
> connection which will be open 24hrs a day.
This isn't trivial with Linux's current implementation of IP
Masquerading; you will have to manually set up an ARP table so that
incoming packets have your IP but his MAC address. Check the Proxy-ARP
Not true, it would be easy to access the internal machine without
resorting to something so complicated as that scenario above - I am
assuming that the gateway masquerading box is not running a web server, so
port 80 will be open - use the ipportfw or redir package to forward any
requests to the internal server in question. Or if this customer has
routing capabilities, create a virtual interface and foward http requests
to that IP address via redir to the internal server. The best solution
would be NAT, but currently ipfwadm and chains don't support NAT.