
IP-Masquerade



Hi there,

    today I was trying to set our computers to do IP-Masquerading (we'll
be changing our external provider, and while the old one did the
masquerading for us, the new one doesn't)... I tried to do everything as
explained in the IP-Masquerade HOWTO, but for some reason things weren't
running quite fine (well... not fine at all, as the packages coming from
one adapter wouldn't see the other eth's)...

    I found a way to set things to work, but I'd like to know if this
creates any problem or opens any security breach (and, if it does, what
should I do)... The idea was to get our subnets 192.168.x.0 to go
through a REAL net...

The HOWTO suggested I should try something like

ipfwadm -F -p deny (setting 'deny' as the default rule)
ipfwadm -F -a masquerade -P tcp 192.168.0.0/255.255.0.0 -D 0.0.0.0/0
(and the same for udp)

I removed both lines and tried:

ipfwadm -F -p accept -m (default policy: accept, masquerading)

Now everything works fine, but I'm somehow suspicious this may open a
hole in our security... does it? Is there a safer way to do it?

[]'s

Guilherme Zahn
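
A simplified model of the two forwarding setups described in the post above, added as an illustration and not part of the original message. It assumes first-match rule evaluation with a default policy, that the address in the HOWTO-style rule is the source address, and it uses constructed sample packets.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str  # "tcp", "udp" or "icmp"
    src: str
    dst: str

@dataclass
class Rule:
    action: str  # "masquerade", "accept" or "deny"
    proto: str
    src_net: str
    dst_net: str

    def matches(self, p: Packet) -> bool:
        return (self.proto == p.proto
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net))

def forward(rules, default, p):
    """First matching rule decides; otherwise the default policy applies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Setup 1 (HOWTO style): default deny, masquerade tcp and udp from 192.168.0.0/16.
# Assumption: the address in the quoted rule is the source address.
HOWTO = ([Rule("masquerade", proto, "192.168.0.0/255.255.0.0", "0.0.0.0/0")
          for proto in ("tcp", "udp")], "deny")
# Setup 2 (the poster's): no rules, default policy accept with masquerading.
OPEN = ([], "masquerade")

# Constructed sample packets (documentation address ranges for outside hosts).
SAMPLES = {
    "internal tcp out": Packet("tcp", "192.168.1.10", "203.0.113.5"),
    "internal icmp out": Packet("icmp", "192.168.1.10", "203.0.113.5"),
    "between subnets": Packet("tcp", "192.168.1.10", "192.168.2.20"),
    "foreign source": Packet("tcp", "198.51.100.7", "203.0.113.5"),
}

def compare():
    """Return {sample name: (decision under HOWTO, decision under OPEN)}."""
    return {name: (forward(*HOWTO, p), forward(*OPEN, p))
            for name, p in SAMPLES.items()}
```

In this model the default-accept setup forwards and masquerades every sample regardless of source or protocol, while the deny-default rules pass only tcp and udp from the 192.168.x.0 subnets.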

