Re: FireHOL Question
--- Daniel Pittman <daniel@rimspace.net> wrote:
> On 21 Sep 2004, vizi0n wrote:
> > I've been trying to make myself a router/firewall for the past few days
> > (never done that before) but so far I managed to throw away my DI-604, which
> > is not a bad thing at all :) I am using Debian Sarge and the FireHOL package
> > which is basically an iptables generator from my understanding.
> >
> > Now my problem is, I am using this Sarge box as my gateway (1 nic for LAN, 1
> > plugged into a PPPoE DSL modem). It all works fine and my routes are set for
> > nat, but I would like to add my other IP's my isp gives me. (3 in fact) and
> > associate them with specific LAN machines.
> >
> > My isp gives me an extra /30 that I can use. So I would like to forward each
> > of these new IPs to specific LAN IPs, and reverse as well (my friend says
> > this is called one-to-one nat or something)
>
> Just a quick question: are you sure you don't want to give those LAN
> machines a public IP address, and use standard IP forwarding?
>
> Others have suggested, of course, the use of the 'dnat' function with
> firehol to perform the address transformation.
>
> Also, note that using NAT means that accessing those public addresses
> within the LAN will not work without significant and annoying work on
> your part.
>
Documented here:
http://wiki.debian.net/index.cgi?Firewalls-dnat-redirect
Now that I think of it, there are some of the same problems with using
external IPs on an internal network. Though the default setup is working,
ok, and valid.
>
> Personally, I would (and do, in fact) use stock IP forwarding to provide
> machines with public addresses, and the firehol supported forwarding
> rules to manage access to them.
>
> Regards,
> Daniel
> --
> There are no poisonous substances, only incorrect doses.
> -- Paracelsus