you could also run a plug-proxy on the gateway machine that would forward the traffic on port 80 to the office server.
David Lang
"Perry" <perry @
openix .
com> wrote:
Date: Wed, 18 Mar 1998 18:00:55 -0500 (EST)
Date: Tue, 17 Mar 1998 09:34:57 -0500 (EST)
]From: ccurtis @
facm .
fit .
edu
Subject: Re: IP masquerading under linux
On Thu, 12 Mar 1998 firewall @
xenon .
nt .
is wrote:
> I have a small ISP and one of our customers who uses IDSN to connect to
us
> wants to have a web server in his office, but keep using the ISDN
> connection which will be open 24hrs a day.
This isn't trivial with Linux's current implementation of IP
Masquerading; you will have to manually set up an ARP table so that
incoming packets have your IP but his MAC address. Check the Proxy-ARP
_____snip
Not true, it would be easy to access the internal machine without
resorting to something so complicated as that scenario above - I am
assuming that the gateway masquerading box is not running a web server, so
port 80 will be open - use the ipportfw or redir package to forward any
requests to the internal server in question. Or if this customer has
routing capabilities, create a virtual interface and foward http requests
to that IP address via redir to the internal server. The best solution
would be NAT, but currently ipfwadm and chains don't support NAT.
Follow-Ups:
|
|
