
Re: ipchains question



Eduardo Gargiulo wrote:

Hi all.

I have a Linux box running ipchains and masquerading my internal network.
I have a subnet of real IPs. The router is connected to the hub, so the REAL subnet is before the firewall and I can't protect it. I'm thinking of adding an eth to the Linux box and connecting the router (with a crossover UTP cable) to eth0, and connecting eth1 (with real IP) and eth2 (with masqueraded IP) to the hub. The question is how to configure ipchains, and whether this can work or whether I have to add another tool to my Linux box to handle this configuration.


Hi all,

My configuration is:

ISP-Cable
 |(xxx.xxx.xxx.129 ip)
 \
  \(xxx.xxx.xxx.130 ip)
  LINUX-(xxx.xxx.xxx.132 ip)---------------------\
   |(192.168.1.1_ip)                             |
   |                                             |(xxx.xxx.xxx.131 ip)
   |----(192.168.1.2 ip)                         this host uses downstream
   |-----(192.168.1.3 ip)
   .
   .
   .
   \------(192.168.1.n ip)

Linux has 3 interfaces
  eth0 xxx.xxx.xxx.130
  eth1 xxx.xxx.xxx.131
  eth2 192.168.1.1

Hosts in 192.168.1.0/255.255.255.0 are masqueraded

  #ipchains -A forward -s 192.168.1.0/255.255.255.0 -j MASQ

eth0 and eth1 are bridged

  #ipchains -A bridgein -s xxx.xxx.xxx.131 -i eth1 -j ACCEPT
  #ipchains -A bridgein -d xxx.xxx.xxx.131 -i eth1 -j ACCEPT
  The bridgein chain comes from a patch.

The default route is set to xxx.xxx.xxx.129

It should work just OK.
But it makes a "booo" once in a while.

I think it is doing something like this:
packets that should be masqueraded are bridged.
How can I prevent this?

Second Q:
  Why wasn't normal forwarding working? Why did I have to use a bridge?

Thanks,
  Hubert.


