[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IP-Masquerade

On Tue, 17 Aug 1999, Guilherme Soares Zahn wrote:

> Hi there,
>     today I was trying to set our computers to do IP-Masquerading (we'll
> be changing our external provider, and while the old one did the
> masquerading for us, the now one doesn't)... I tried to do everything as
> explained in the IP-Masquerade HOWTO, but for some reason things weren't
> running quite fine (well... not fine at all, as the packages coming from
> one adapter wouldn't see the other eth's)...
>     I found a way to set things to work, but I'd like to know if this
> creates any problem or opens any security breach (and, if it does, what
> should I do)... The idea was to get our subnets 192.168.x.0 to go
> through a REAL net...
> The HOWTO suggested I should try something like
> ipfwadm -F -p deny (setting 'deny' as the default rule)
> ipfwadm -F -a masquerade -P tcp -D
is there a typo here or you're using the entire range from 192.168.0 to
192.168.255. If you're using one C class (, your mask should
be (or

I'm not sure but as you didn't specified the interface, ipfwadm is trying
to guess from you source definition, that may not match ifconfig settings.

Just curious: você não está utilizando o potato? Kernel 2.3.x? Por que não
utiliza o ipchains? (sorry all others :)

Mario O.de Menezes            "Many are the plans in a man's heart, but
    IPEN-CNEN/SP                 is the Lord's purpose that prevails"
http://curiango.ipen.br/~mario                 Prov. 19.21

Reply to: