On 21 Sep 2004, vizi0n wrote:
> I've been trying to make myself a router/firewall for the past few days
> (never done that before) but so far I managed to throw away my DI-604, which
> is not a bad thing at all :) I am using Debian Sarge and the FireHOL package
> which is basically an iptables generator from my understanding.
>
> Now my problem is, I am using this Sarge box as my gateway (1 NIC for LAN, 1
> plugged into a PPPoE DSL modem). It all works fine and my routes are set for
> NAT, but I would like to add my other IPs my ISP gives me (3 in fact) and
> associate them with specific LAN machines.
>
> My ISP gives me an extra /30 that I can use. So I would like to forward each
> of these new IPs to specific LAN IPs, and reverse as well (my friend says
> this is called one-to-one NAT or something)

Just a quick question: are you sure you don't want to give those LAN
machines a public IP address, and use standard IP forwarding?

Others have suggested, of course, the use of the 'dnat' function with
firehol to perform the address transformation.

Also, note that using NAT means that accessing those public addresses
within the LAN will not work without significant and annoying work on
your part.

Personally, I would (and do, in fact) use stock IP forwarding to provide
machines with public addresses, and the firehol supported forwarding
rules to manage access to them.

Regards,
Daniel
--
There are no poisonous substances, only incorrect doses.
-- Paracelsus
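
Added example, not part of the original thread and not FireHOL output: a
shell script that prints (never applies) the raw iptables rules behind
one-to-one NAT, including the extra "hairpin" pair needed for the LAN-side
access problem mentioned in the reply. Interface names, the LAN subnet and
all addresses are constructed placeholders.

```sh
#!/bin/sh
# Prints iptables rules for one-to-one NAT; nothing is applied.
# Every value below is an assumed placeholder, not taken from the thread.
WAN_IF=ppp0              # PPPoE interface (assumed name)
LAN_IF=eth0              # LAN interface (assumed name)
LAN_NET=192.168.1.0/24   # LAN subnet (assumed)
# public:private pairs, constructed from documentation address space
MAPPINGS="192.0.2.1:192.168.1.11
192.0.2.2:192.168.1.12
192.0.2.3:192.168.1.13"

# Accept only dotted quads with octets <= 255, so malformed input
# never ends up inside a firewall rule.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Emit the four nat-table rules for one public:private pair.
nat_rules() {
    pub=${1%%:*}; priv=${1##*:}
    is_ipv4 "$pub" && is_ipv4 "$priv" || { echo "bad mapping: $1" >&2; return 1; }
    # Inbound from the Internet: rewrite the destination to the LAN host.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
    # Outbound from that host: use its own public address. Inserted (-I)
    # so it matches before any catch-all MASQUERADE rule.
    echo "iptables -t nat -I POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
    # Hairpin: LAN clients that connect to the public address are redirected
    # to the LAN host, and their source is rewritten to the gateway so the
    # reply returns through it instead of going directly to the client.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $pub -j DNAT --to-destination $priv"
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $priv -j MASQUERADE"
}

# Emit rules for every mapping; stop at the first invalid one.
all_rules() {
    for m in $MAPPINGS; do nat_rules "$m" || return 1; done
}

all_rules
```

These are address-translation rules only: which ports on each LAN host are
reachable from outside is still decided by the FORWARD filter rules.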