IP masq (ipchains): masq whole LAN *except* some hosts?
Hi there,
I've a little problem that I'm not sure how to solve on my own.
I've a machine with two NIC acting as a router/NAT host. Masquerading works
fine for the LAN machines, and access from outside is limited to the
firewall machine. I want a couple of machines NOT to be masqueraded so that
I can ftp or log into them from outside.
Which ipchains rules do I have to add to make this work? I have tried to
insert a rule above the standard rule in M70masq like this, but to no avail:
$IPCHAINS -A forward -j ACCEPT -i $j -s fileserver/32 -b
# Masquerade remaining hosts
$IPCHAINS -A forward -j MASQ -i $j -s $IPOFIF/$NMOFIF
I'm sure I'm overlooking something, but it is not clear to me what's wrong.
Thanks for any insight you can give me.
Ralf
--
Sign the EU petition against SPAM: L I N U X .~.
http://www.politik-digital.de/spam/ The Choice /V\
of a GNU /( )\
Generation ^^-^^
Reply to: