ip masquerading rules
Hi,
I'm trying to set up a Debian/Slink as ip-masquerade for 2
192.168.x.x networks.
I have set the rules with ipfwadm and the masquerading ones are
working well; all connections to external nets through the 3rd interface are
masqueraded.
My problem is that I want some networks not to be masqueraded,
only forwarded. The forward rules were written first in the
/etc/network file and they are listed first by ipfwadm -F -l.
What do I need to do in order to avoid masquerading some networks?
The output of ipfwadm -F -l is:
IP firewall forward rules, default policy: accept
type prot source destination ports
acc all 192.168.9.0/24 xxx.xx.xx.0/24 n/a
acc all 192.168.10.0/24 xxx.xxx.yy.0/24 n/a
acc all xxx.xxx.xx.0/24 192.168.9.0/24 n/a
acc all xxx.xxx.yy.0/24 192.168.10.0/24 n/a
acc all 192.168.9.0/24 192.168.24.0/22 n/a
acc all 192.168.10.0/24 192.168.24.0/22 n/a
acc all 192.168.24.0/22 192.168.9.0/24 n/a
acc all 192.168.24.0/22 192.168.10.0/24 n/a
acc/m all 192.168.9.0/24 0.0.0.0/0 n/a
acc/m all 192.168.10.0/24 0.0.0.0/0 n/a
---------------------------
And the ipfwadm -M -ln is:
IP masquerading entries
prot expire source destination ports
udp 04:57.47 192.168.10.13 xxx.xxx.xx.5 137 (61046) -> 137
udp 00:19.32 192.168.10.14 xxx.xxx.xx.9 1038 (61034) -> 53
udp 00:19.31 192.168.10.14 xxx.xxx.xx.9 1037 (61033) -> 53
udp 00:08.70 192.168.10.15 xxx.xxx.xx.5 137 (61028) -> 137
tcp 12:29.34 192.168.10.15 xxx.xxx.xx.126 1050 (61044) -> 21
udp 00:06.26 192.168.10.14 xxx.xxx.xx.5 137 (61015) -> 137
---------------------------
The xxx.xxx.xx.XX entries shouldn't be here since the rule for
forwarding is listed first. What is going wrong here?
Thanks and sorry for the long post.
[]s,
Mario O.de Menezes
IPEN-CNEN/SP
http://curiango.ipen.br/~mario
"Many are the plans in a man's heart, but is the Lord's purpose that prevails" Prov. 19.21