Re: IP-Masquerade

[Mario Olimpio de Menezes <mario@curiango.ipen.br>]

On Tue, 17 Aug 1999, Guilherme Soares Zahn wrote:

> 
> Hi there,
> 
>     today I was trying to set our computers to do IP-Masquerading (we'll
> be changing our external provider, and while the old one did the
> masquerading for us, the now one doesn't)... I tried to do everything as
> explained in the IP-Masquerade HOWTO, but for some reason things weren't
> running quite fine (well... not fine at all, as the packages coming from
> one adapter wouldn't see the other eth's)...
> 
>     I found a way to set things to work, but I'd like to know if this
> creates any problem or opens any security breach (and, if it does, what
> should I do)... The idea was to get our subnets 192.168.x.0 to go
> through a REAL net...
> 
> The HOWTO suggested I should try something like
> 
> ipfwadm -F -p deny (setting 'deny' as the default rule)
> ipfwadm -F -a masquerade -P tcp 192.168.0.0/255.255.0.0 -D 0.0.0.0/0
                                              ^^^^^^^^^^^
is there a typo here or you're using the entire range from 192.168.0 to
192.168.255. If you're using one C class (192.168.0.0), your mask should
be 255.255.255.0 (or 192.168.0.0/24).

I'm not sure but as you didn't specified the interface, ipfwadm is trying
to guess from you source definition, that may not match ifconfig settings.

  
Just curious: você não está utilizando o potato? Kernel 2.3.x? Por que não
utiliza o ipchains? (sorry all others :)


[]s,
Mario O.de Menezes            "Many are the plans in a man's heart, but
    IPEN-CNEN/SP                 is the Lord's purpose that prevails"
http://curiango.ipen.br/~mario                 Prov. 19.21