Re: FireHOL Question
On Tue, 2004-09-21 at 15:50, vizi0n (debian-firewall) wrote:
> Hi everyone!
>
> I've been trying to make myself a router/firewall for the past few days
> (never done that before) but so far I managed to throw away my DI-604, which
> is not a bad thing at all :) I am using Debian Sarge and the FireHOL package
> which is basically an iptables generator from my understanding.
>
> Now my problem is, I am using this Sarge box as my gateway (1 nic for LAN, 1
> plugged into a PPPoE DSL modem). It all works fine and my routes are set for
> NAT, but I would like to add the other IPs my ISP gives me (3 in fact) and
> associate them with specific LAN machines.
>
> My ISP gives me an extra /30 that I can use. So I would like to forward each
> of these new IPs to specific LAN IPs, and the reverse as well (my friend says
> this is called one-to-one NAT or something).
>
> I've tried creating virtual interfaces for my extra IPs but no luck (eth0:0,
> eth0:1, eth0:2)
>
> Does anyone know how I could do that, as I'm not an iptables expert at all.
>
> Thanks!
>
> viz
>
To have your outside NIC listen on multiple IPs, create the aliases and
refer to them in firehol.conf as follows:
interface eth0 alias_eth0_1 dst a.b.c.d/nn
where a.b.c.d is your second (or third...) IP.
The name (alias_eth0_1) is arbitrary, but the idea is that you use the
real network interface (eth0) instead of the alias (eth0:1).
As to the mapping to inside LAN IPs: don't know for sure, but probably
something like this at the top of your config:
nat to-destination w.x.y.z proto tcp dport 80 dst a.b.c.d/nn
where w.x.y.z is your LAN IP
and a.b.c.d is your extra outside IP. This line will map port 80 to an IP
on your LAN.
tinus.
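The one-to-one mapping asked about in this thread, written out as the netfilter rules an iptables generator such as FireHOL ends up producing (inbound DNAT plus outbound SNAT for the same host). This is an added example, not code from the thread or from FireHOL; the interface name and the addresses are placeholders, and the function only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Constructed example: the rules behind one-to-one NAT between one extra
# public address and one LAN host. Nothing is executed; commands are printed.

# Usage: one_to_one_nat <wan_iface> <public_ip> <lan_ip>
one_to_one_nat() {
    wan="$1"; pub="$2"; lan="$3"
    # Make the kernel answer for the extra public address on the real
    # interface (no eth0:N alias device is needed for this).
    echo "ip addr add ${pub}/32 dev ${wan}"
    # Inbound half: packets arriving for the public IP get their destination
    # rewritten to the LAN host before routing.
    echo "iptables -t nat -A PREROUTING -i ${wan} -d ${pub} -j DNAT --to-destination ${lan}"
    # Outbound half: replies and new connections from that host leave with
    # its own public IP instead of the gateway's shared masquerade address.
    echo "iptables -t nat -A POSTROUTING -o ${wan} -s ${lan} -j SNAT --to-source ${pub}"
    # DNAT alone does not permit traffic; the FORWARD chain still decides what
    # may reach the host. Here only new TCP/80 connections are let through.
    echo "iptables -A FORWARD -i ${wan} -d ${lan} -p tcp --dport 80 -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Example invocation with placeholder values (documentation addresses).
one_to_one_nat eth0 203.0.113.2 192.168.1.10
```

Repeat the call once per extra address in the /30, each paired with its own LAN host.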