VanLUG Email Archive
> Will I need two network cards for my Linux router box?
You should, yes.
> What are the advantages/disadvantages/differences of having seperate IPs as
> opposed to IP masquerade? I guess I won't be able to telnet into a machine
> behind the router if I use IP Masq right? What else won't I be able to do
> with IP masq? Will I have problems with programs such as ICQ?
If you use mult ips you will have to configure linux as a bridge or get a
hub. I would choose masq'ing(NAT?) for the following reasons:
Security.
it is in general hard to attack internal masq'ed hosts
Simplicity.
ipfwadm -F -a m -S $INTERNAL_NET -D 0.0.0.0/0
does the trick(this syntax might be wrong but i'm too lazy to look)
In general you don't want to let ppl telnet, etc in.
One example that breaks this is if you want
to let someone ftp from an internal server with a big hd.
this is solved by installing redir or rinetd
ICQ will work fine if you install socks5 on the firewall
in firewall mode(ICQ that is). It will work for most things
without socks, though.
The one thing that was a big request was mounting an internal smb
share externally. I haven't figured out how to do this well.
The problem is exporting n internal machines shares somehow
on the firewall. These shares are dynamic. Anyone?
+-----------------------------------------------------------------------+
| R Garth Wood | <insert witty comment here> |
| | -R G Wood |
|
| |