Re: IP masq (ipchains): masq whole LAN *except* some hosts?
On Sat, Nov 20, 1999 at 04:59:12PM +0100, Ralf G. R. Bergs wrote:
> I've a machine with two NICs acting as a router/NAT host. Masquerading works
> fine for the LAN machines, and access from outside is limited to the
> firewall machine. I want a couple of machines NOT to be masqueraded so that
> I can ftp or log into them from outside.
> Which ipchains rules do I have to add to make this work? I have tried to
> insert a rule above the standard rule in M70masq like this, but to no avail:
> $IPCHAINS -A forward -j ACCEPT -i $j -s fileserver/32 -b
> # Masquerade remaining hosts
> $IPCHAINS -A forward -j MASQ -i $j -s $IPOFIF/$NMOFIF
Are the other input/output rules blocking your fileserver IP?
There's an ipchains "-C" option that lets you specify a packet
(as if it were a rule, i.e. -s ip -d ip -p proto, etc.) and it will
check it against the rules and tell you what happens to it.