From: MaD MaN (joelf@ptd.net)
Date: Sat Feb 10 2001 - 11:30:06 PST
You should only have to set up one MASQ rule for this and that would be:

ipchains -A forward -s 192.168.1.0/24 -d 0/0 -j MASQ

or

ipchains -A forward -i eth0 -d 0/0 -j MASQ

This will MASQ all internal traffic to the outside but not internally.
joel
/dev/null wrote:
> yes, these interfaces are on one machine, Linux box.
>
> eth0 - internet
> eth1 - LAN
>
> A computer on my LAN (192.168.1.5) has some VPN software.
> The VPN server resides on the Internet (x.y.z.12).
>
> I want to pass all packets from 192.168.1.5 through the firewall to the internet
> I want to pass all packets from x.y.z.12 through the firewall to 192.168.1.5
>
> is there a way to do this with ipchains?
>
> How?
>
> /dev/null
> dev-null@home.com
>
> ----- Original Message -----
> From: "MaD MaN" <joelf@ptd.net>
> To: <pmfirewall@pointman.org>
> Sent: Wednesday, February 07, 2001 1:37 AM
> Subject: Re: [pmfirewall] 2 way communication w/ ipchains
>
> > I am having a bit of a problem trying to figure out what you are talking about
> > here. These interfaces are in the same machine?? Why do you want to MASQ
> > both of them?
> >
> > joel
> >
> > /dev/null wrote:
> >
> > > I have one machine (192.168.1.5) on eth1 that I need _all_ internet traffic
> > > from one outside server (x.y.z.12) on eth0 to be directed to. I tried
> > > setting this up:
> > >
> > > ipchains -A forward -i eth0 -s 192.168.1.0/24 -j MASQ
> > > ipchains -A forward -i eth1 -s x.y.z.12/32 -d 192.168.1.5/32 -j MASQ
> > >
> > > Well, web pages from the general inet work fine with this, but for some
> > > reason connections coming in from .12 are not forwarded on to the correct
> > > machine. How can I tell ipchains to masq all traffic coming in from .12 to
> > > .5?
> > >
> > > Basically .5 initiates a connection but .12 can't initiate any connections
> > > back to .5.
> > >
> > > Thanks!
> > >
> > >
> > > ****************************************************************************
> > > * To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
> > > * in the message body to majordomo@pointman.org. Please direct other
> > > * questions, comments, or problems to pmfirewall-owner@pointman.org.
> > > *
> > > * Need answers fast? Check the list archive located at:
> > > * http://www.pointman.org/PMFirewall/list-archive/
> > > *
> >
> > --
> > Check it out one time!!
> >
> > http://www.VisualStimulation.com
> >
--
Check it out one time!!
http://www.VisualStimulation.com
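The behaviour described in the quoted question (.5 can open a connection out, but .12 cannot open one back in) follows from how a masquerading firewall keeps its connection table. The following is an added example, not code from the thread and not ipchains itself: a simplified Python model in which the class and function names, the firewall's public address and the stand-in address for x.y.z.12 are all constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # LAN range from the thread
FW_PUBLIC = "203.0.113.1"     # constructed: firewall's address on eth0
VPN_SERVER = "198.51.100.12"  # constructed stand-in for x.y.z.12


class Masquerader:
    """Simplified model of a masquerading firewall's connection table."""

    def __init__(self, first_port=61000):  # sample starting port
        self.next_port = first_port
        self.table = {}  # masq port -> (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, src, sport, dst, dport):
        """Forwarded packet leaving the LAN: rewrite the source if the rule matches."""
        if ipaddress.ip_address(src) not in LAN:
            return (src, sport, dst, dport)  # not from the LAN: left unchanged
        flow = (src, sport, dst, dport)
        for port, entry in self.table.items():
            if entry == flow:
                return (FW_PUBLIC, port, dst, dport)  # existing connection
        port = self.next_port
        self.next_port += 1
        self.table[port] = flow  # remember who opened this connection
        return (FW_PUBLIC, port, dst, dport)

    def inbound(self, src, sport, dport):
        """Packet arriving at FW_PUBLIC: return the LAN (ip, port) or None."""
        entry = self.table.get(dport)
        if entry is None or entry[2:] != (src, sport):
            return None  # no matching entry: no LAN host to hand it to
        return entry[:2]


def demo():
    fw = Masquerader()
    sent = fw.outbound("192.168.1.5", 1025, VPN_SERVER, 500)
    reply = fw.inbound(VPN_SERVER, 500, sent[1])      # reply on the same flow
    unsolicited = fw.inbound(VPN_SERVER, 4000, 7777)  # new connection from outside
    return sent, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```

In this model a packet from outside reaches a LAN host only when an earlier outbound packet created a matching table entry; a MASQ rule by itself gives the firewall no LAN destination for a connection that starts outside.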
This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:39:22 PDT