
filtering routed packets



Situation:
One machine, ALPHA, with only one NIC. This machine has 3 addresses, all
bound to the same interface: Aa, which is its public address; Ba, which is
another public address; and Ca, which is a private address.
There is in the net a second machine, BETA, with 2 modems connected.
This machine has another NIC with 2 addresses: one, Ab, on the same subnet
as Aa and Ba, and one, Cb, on the "C" subnet (physically the subnet
is the same). The modem is given one address, Cm, on the "C" subnet.
The problem:
 ALPHA should act as a router-firewall and let pass all the traffic to the
Ab and Cb addresses except some ports (80 135 137 139 443 445). But any
traffic originating from Cm must get a special treatment:
it must be masqueraded so that it appears to originate from Ba, without any
filtering.
 How to do it?
 I have the rules for masq: if I connect a single host with the Cm address
it works nicely, but if I call from outside I can log on to any machine using
a C address, but I do not traverse the "fw" as I do if I use the same
address directly. If I traceroute from outside instead I get a ping!
 Any hint?
The rules are:

    vettore:~# iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    DNAT       all  --  anywhere             150.217.9.154        to:172.25.9.195

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    SNAT       all  --  172.25.9.195         anywhere             to:150.217.9.154

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
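As an added example (not part of the original post, and not the poster's own ruleset), here is one way to write the setup described above as a complete iptables script: the nat rules already shown in the listing plus the FORWARD filtering the question asks for. Ba = 150.217.9.154 and Cm = 172.25.9.195 are taken from the nat table in the post; Ab and Cb are not given, so 192.0.2.10 and 172.25.9.10 are assumed placeholders (override with BETA_AB / BETA_CB), and the default-DROP FORWARD policy is likewise an assumption. The script only echoes the commands unless DRY_RUN=0, so it can be reviewed before being applied as root. The point that matters for the question is rule ordering relative to NAT: the FORWARD chain is evaluated after PREROUTING (where DNAT has already rewritten Ba to Cm) and before POSTROUTING (where SNAT has not yet rewritten Cm to Ba), so the unfiltered pass-through for the modem has to match on Cm, never on Ba.

```sh
#!/bin/sh
# Added example (not from the original post): the ALPHA router-firewall
# described above as an iptables ruleset. Runs in dry-run mode unless
# DRY_RUN=0, so the commands can be reviewed before being applied as root.

# Addresses taken from the nat table listing in the post.
PUB_BA=150.217.9.154      # Ba: public address the modem traffic must appear from
MODEM_CM=172.25.9.195     # Cm: the modem's private address on the C subnet

# Ab and Cb are not given in the post; these are assumed placeholders.
BETA_AB="${BETA_AB:-192.0.2.10}"
BETA_CB="${BETA_CB:-172.25.9.10}"

BLOCKED_PORTS="80 135 137 139 443 445"

# Echo the command in dry-run mode (the default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$@"; else "$@"; fi
}

nat_rules() {
    # Inbound to Ba is handed to the modem; outbound from the modem is
    # rewritten to Ba. This is what the post's nat listing already shows.
    run iptables -t nat -A PREROUTING  -d "$PUB_BA"   -j DNAT --to-destination "$MODEM_CM"
    run iptables -t nat -A POSTROUTING -s "$MODEM_CM" -j SNAT --to-source "$PUB_BA"
}

filter_rules() {
    # FORWARD runs after PREROUTING DNAT and before POSTROUTING SNAT, so modem
    # traffic is seen with Cm in both directions, never with Ba. Pass it
    # through unfiltered, and do so before any port rule can touch it.
    run iptables -A FORWARD -s "$MODEM_CM" -j ACCEPT
    run iptables -A FORWARD -d "$MODEM_CM" -j ACCEPT

    # BETA's two addresses: drop the listed ports for both tcp and udp
    # (NetBIOS name service on 137 is udp), then accept everything else.
    for host in "$BETA_AB" "$BETA_CB"; do
        for port in $BLOCKED_PORTS; do
            run iptables -A FORWARD -d "$host" -p tcp --dport "$port" -j DROP
            run iptables -A FORWARD -d "$host" -p udp --dport "$port" -j DROP
        done
        run iptables -A FORWARD -d "$host" -j ACCEPT
    done

    # Assumption: nothing else should be routed through ALPHA.
    run iptables -P FORWARD DROP
}

build_ruleset() {
    run sysctl -w net.ipv4.ip_forward=1
    nat_rules
    filter_rules
}

build_ruleset
```

Run it once as-is to read the generated commands, then `DRY_RUN=0 sh alpha-fw.sh` as root to apply them. Because the rules are appended in order, the two ACCEPT rules for Cm sit above the per-port DROPs, which is what keeps the modem's traffic out of the filtering that applies to Ab and Cb.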



