IP-Masquerade
Hi there,
today I was trying to set our computers to do IP-Masquerading (we'll
be changing our external provider, and while the old one did the
masquerading for us, the new one doesn't)... I tried to do everything as
explained in the IP-Masquerade HOWTO, but for some reason things weren't
running quite fine (well... not fine at all, as the packages coming from
one adapter wouldn't see the other eth's)...
I found a way to set things to work, but I'd like to know if this
creates any problem or opens any security breach (and, if it does, what
should I do)... The idea was to get our subnets 192.168.x.0 to go
through a REAL net...
The HOWTO suggested I should try something like
    ipfwadm -F -p deny   (setting 'deny' as the default rule)
    ipfwadm -F -a masquerade -P tcp 192.168.0.0/255.255.0.0 -D 0.0.0.0/0
    (and the same for udp)
I removed both lines and tried:
    ipfwadm -F -p accept -m   (default policy: accept, masquerading)
Now everything works fine, but I'm somehow suspicious this may open a
hole in our security... does it? Is there a safer way to do it?
[]'s
Guilherme Zahn