Todd Meade (tmeade@bc.sympatico.ca)
Fri, 15 Jan 1999 20:52:47 -0800
Hi,
I have a question for the Linux firewall gurus out there.
I just purchased a small subnet from my ISP; two or four addresses depending
on if you count the network and the broadcast addresses.
I have a six node LAN. I want to set up 2 to 4 nodes to share a ppp
connection (204.174.23.22/255.255.255.255) and be visible to the internet
(using the 4 addresses I own on the 204.174.23.0 subnet: 20,21,22,23). I want
the remaining nodes to hide behind a firewall and still see the internet via
IP Masquerading (192.168.1.0 subnet) over the ppp connection.
All is working well except:
1) I had to "ipfwadm -F -p accept" rather than "ipfwadm -F -p deny". Have I
just defeated my firewall? Can I just allow forwarding for the 2-4 machines
and deny the rest? If so I can't figure out the syntax.
2) My ip masqueraded machines can't see my non-masqueraded machines. They
are not Linux machines so I can't do ip aliasing (eth0:0, eth0:1 etc). The
ironic part is I can telnet to machines on the internet where I have
accounts, and then telnet back to machines on the 204.174.23 subnet.
I don't think I care if I can see anything on the 204.174.23.0 subnet other
than 20/21/22/23 (the four addresses I own errrr rent). If I do, I'll stick
to two non-masqueraded nodes (21/22, 20==network, 23==broadcast), and set my
netmasks/broadcasts accordingly.
Any feedback would be greatly appreciated.
Cheers,
Todd Meade
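
An added example, not part of the original post: one way to keep the forward policy at deny (question 1) while still forwarding for the routable hosts and masquerading the private ones. The /30 and /24 masks are assumptions derived from the addresses in the message, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original post). Addresses come from the
# message; the /30 and /24 masks are assumptions derived from them.
PUBLIC_NET="204.174.23.20/30"   # hosts 20-23 as described in the post
MASQ_NET="192.168.1.0/24"       # assumed mask for the 192.168.1.0 subnet
ANY="0.0.0.0/0"

# Emit the forwarding rules in evaluation order (first match wins).
forward_rules() {
    # Start from an empty forward chain, then make "deny" the fallback
    # for every packet that no later rule matches.
    echo "ipfwadm -F -f"
    echo "ipfwadm -F -p deny"
    # Routable hosts: forward unmodified, in both directions (-b).
    echo "ipfwadm -F -a accept -b -S $PUBLIC_NET -D $ANY"
    # Private hosts: forward outbound only, rewritten by masquerading.
    echo "ipfwadm -F -a m -S $MASQ_NET -D $ANY"
}

# Dry run by default; set APPLY=1 (as root, on the gateway) to execute.
apply_rules() {
    forward_rules | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            echo "would run: $cmd"
        fi
    done
}

apply_rules
```

After applying, `ipfwadm -F -l -n` lists the forward chain so the default policy and rule order can be checked.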
This archive was generated by hypermail 2.0b3 on Fri 15 Jan 1999 - 20:42:08 PST