If you do that, then all the machines behind the firewall would have to use real IP, else they would not be able to talk to the linux box. Take a look at Chapter 7 of the IPCHAINS-HOWTO. It gives a good example. You will find that from the GOOD internal to the BAD external, all required protocols are masqueraded.
Paul Zimdars wrote:
So I cannot just setup two interfaces with real ip numbers and have internal machines behind the second interface using real ip numbers? I want the linux box to be a firewall using ipchains on an existing network.
Paul
On Fri, 3 Mar 2000, Wayne Chan wrote:
Paul,
You'll have to enable IP Masquerading in the linux box using ipchains. Real IP and private addresses do not mix.
Basically, in your linux box, the interface inside the lan should be using private IP and the interface outside to the internet should be using real IP.
Wayne Chan wayne@aeonxe.com
Paul Zimdars wrote:
No.. It's a Redhat 6.0 system with kernel 2.2.14. Let me add some more info.. if I use private addresses 192.168.2.* whatever on the machines behind the lan side and the second nic card on the firewall they can ping each other and the machines inside the lan can ping the first and second interface on the firewall but not to any other place outside of the internet.. from the firewall I can ping any place outside of the firewall.
Paul
On Thu, 2 Mar 2000, Christopher D. Reimer wrote:
Do you have your networks specified in the /etc/networks file? This was the problem that I had when I was trying to get my internal network to talk with the internet.
Christopher Reimer
On Thu, 2 Mar 2000, Paul Zimdars wrote:
Hello,
I have a problem. I have a linux box with two network cards configured with "real" ip numbers instead of private numbers. One is connected to the internet side and the other network card is connected to the fake side. I can ping both network cards from outside the internet but I cannot ping my interfaces from inside the lan. IP forwarding is enabled. I am wondering if anyone knows how to fix this problem. All I really want to do is have a linux box in front of a hub which has a bunch of other machines behind it with real ip #s so that I can use ipchains to control incoming and outgoing traffic to those machines that are connected behind my firewall.
Thank You,
Paul Zimdars pzimdars@zimcity.net
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/