Re: ipchains question
Eduardo Gargiulo wrote:
I have a linux box running ipchains and masquerading my internal network.
I have a subnet of real IPs. The router is connected to the hub, so the REAL subnet is before the firewall and I can't protect it. I'm thinking of adding an eth to the linux box and connecting the router (with a cross UTP) to eth0, and connecting eth1 (with real IP) and eth2 (with masqueraded IP) to the hub. The question is how to configure ipchains, and whether it is possible for this to work or I have to add another tool to my linux box to handle this configuration?
My configuration is:
| |(xxx.xxx.xxx.131 ip)
|----(192.168.1.2 ip this host uses downstream
Linux has 3 interfaces
hosts in 192.168.1.0/255.255.255.0 are masqueraded
#ipchains -A forward -s 192.168.1.0/255.255.255.0 -j MASQ
eth0 and eth1 are bridged
#ipchains -A bridgein -s xxx.xxx.xxx.131 -i eth1 -j ACCEPT
#ipchains -A bridgein -d xxx.xxx.xxx.131 -i eth1 -j ACCEPT
The bridgein chain comes from a patch
default route set to xxx.xxx.xx.129
It should work just ok.
But it makes a booo ones for a while.
I think it is doing something like this:
packets that should be masqueraded are bridged.
How can I prevent this?
Why wasn't normal forwarding working? Why did I have to use a bridge?