Question on ipchains

Author: Craig White
Date:  
Subject: Question on ipchains
On Fri, 2004-01-23 at 19:19, David Demland wrote:
> I have an internal box being used as a router. I need to route an IP to a
> different IP and I am not sure how to do this with ipchains. Here is what I
> am trying to do:
>
> 10.0.0.253    +--------+  192.168.0.200
> ------------->| Router |----------------->
>               +--------+
>
> The firewall converts the packets into an internal IP which is part of a
> DMZ. The router handles the traffic from the DMZ to the internal network. I
> need to get a path from the firewall to a server on the internal network. I
> have the firewall converting packets into an address that is on the same
> network as the DMZ, but the address does not exist. I want to have the
> router convert this non-existing address into an address of an existing
> server on the internal network. The router is a Debian box running ipchains.
>
> How do I set the ipchains rules to convert the IP from one to another?

---
Too little info - too little clear in the question. Generally, when I
ask a question like this, in order to get a clear correct answer, I must
demonstrate that I have made a significant effort to understand the
issue enough to be able to ask questions clearly.

It does seem that you are wanting to do either forwarding or
masquerading. I can't tell and a router that is handing traffic from the
DMZ to the internal network is such a confused concept - given my
definition of a DMZ anyway - that it's simply not possible to figure out
where you are going with this.

ipchains requires ipmasqadm for 'forwarding' packets which you may
already have compiled in if the router already does forwarding as it
would appear to do with your description.

That being said, the 2.4 kernel is now phasing out so using the 2.2
kernel on the router doesn't make much sense. Considering the
performance and security enhancements of the 2.4 kernel / iptables, it
definitely is easier to use it which makes it the obvious upgrade.

<http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/c-html/index.html>
David Ranch's IPMASQ html pages

Craig
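
An added example, not part of the original message: the iptables (2.4 kernel) form of the address translation asked about, following the upgrade the reply recommends. It assumes 10.0.0.253 is the non-existent DMZ address and 192.168.0.200 the real internal server, as the diagram suggests; the function names and the DRY_RUN switch are made up for illustration, and the FORWARD rules only matter if the FORWARD policy is not ACCEPT.

```shell
#!/bin/sh
# Added example: rewrite the unused DMZ address to the real internal server
# with iptables DNAT on a 2.4 kernel. Addresses come from the question's
# diagram; function names and the DRY_RUN switch are illustrative assumptions.

DMZ_ADDR="10.0.0.253"        # assumed: the address that does not exist
SERVER_ADDR="192.168.0.200"  # assumed: the real internal server

# Succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*.) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -z "$extra" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands, one per line, after validating both addresses.
dnat_rules() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d $1 -j DNAT --to-destination $2
iptables -A FORWARD -d $2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $2 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Show the commands by default; execute them only when DRY_RUN=0 (needs root).
apply_rules() {
    rules=$(dnat_rules "$1" "$2") || return 1
    echo "$rules" | while read -r rule; do
        if [ "${DRY_RUN:-1}" = "0" ]; then $rule || exit 1; else echo "would run: $rule"; fi
    done
}

apply_rules "$DMZ_ADDR" "$SERVER_ADDR"
```

Netfilter's connection tracking reverses the translation on reply packets, so no separate source-rewriting rule is needed for the return path.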