
Re: IP masq (ipchains): masq whole LAN *except* some hosts?



On Sat, Nov 20, 1999 at 04:59:12PM +0100, Ralf G. R. Bergs wrote:
> I've a machine with two NICs acting as a router/NAT host. Masquerading works 
> fine for the LAN machines, and access from outside is limited to the 
> firewall machine. I want a couple of machines NOT to be masqueraded so that 
> I can ftp or log into them from outside.
> 
> Which ipchains rules do I have to add to make this work? I have tried to 
> insert a rule above the standard rule in M70masq like this, but to no avail:
> 
>                 $IPCHAINS -A forward -j ACCEPT -i $j -s fileserver/32 -b
> 
>                 # Masquerade remaining hosts
>                 $IPCHAINS -A forward -j MASQ -i $j -s $IPOFIF/$NMOFIF

Are the other input/output rules blocking your fileserver IP?

There's an ipchains "-C" option that lets you specify a packet
(as if it were a rule, i.e.: -s ip -d ip -p proto, etc.) and it will
check it against the rules and tell you what happens to it.

-- 
 - Gus

