[NTLUG:Discuss] IP NAT question

Daniel Hauck xdesign at hotmail.com
Tue Sep 18 16:50:35 CDT 2001


I have wanted to do similar things but you should consider using a firewall
for how it was intended and forward only specific ports.  "ipfwadm" is the
tool I have used for that task and it works rather well.  It also allows the
flexibility to split services among several boxes using only one external IP
address.  (ex. port 80 forwards to the web server box and port 110 and 24 to
the mail server box.)

This allows the default firewall rules to protect your network better.
Otherwise, opening up all ports...?  Why not just run the ethernet straight
to the box?

----- Original Message -----
From: "Jay Urish" <j at ittotalsolutions.com>
To: <discuss at ntlug.org>
Sent: Tuesday, September 18, 2001 4:23 PM
Subject: [NTLUG:Discuss] IP NAT question


>
> I am trying to NAT 3 routable IP's through a suse 7.2 box running kernel
> 2.4.4
> The kernel is compiled with the advanced_ip_router flag set to Y.
>
> I am using ipchains as well..
>
> Here are more detailed specs
>
> the box has 2 NIC's
> eth0 is on the dirty side on a /27
> eth1 is the clean side on a /24 (192.168.1.1)
>
> What I want to do is have it so I can route through the box from a dirty
> IP to a clean IP. I can add ipchains rules later.
>
> for example:
> 66.88.190.227 > 192.168.1.100
>
> I want to be able to ping that box , ftp to it etc...
>
> I have 3 ip's that I want to do this with.
>
> After spending 13 hours on this problem I haven't gained much ground.
> I have read a zillion how-to's but still I can't gain any ground.
>
> I can ping the dirty ip but all I get back is
>
> Reply from 66.88.190.226: Destination port unreachable.
> FYI .226 is the main ip of the box.
>
> Has anyone done this before?
> I am at my wits end. I need some direction--
>
> TIA
>
> Jay Urish       KB5VPS  General Class ARO
> Secretary Dallas Amateur Radio Club
> Member: A.R.R.L, D.A.R.C, T.A.P.R, TX.VHF-FM.S
>
>
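
The selective forwarding described in the reply above, as an added example that is not part of the original thread: it uses iptables, the netfilter tool on 2.4 kernels, in place of the ipfwadm the reply mentions, and it only prints the rules instead of applying them. The interface names, 66.88.190.227 and 192.168.1.100 come from the question; the port-to-host mapping and 192.168.1.101 are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that forward only
# listed ports from one external IP to internal hosts, default-deny otherwise.
EXT_IF=eth0             # "dirty" side, from the question
INT_IF=eth1             # "clean" side, from the question
EXT_IP=66.88.190.227    # external address, from the question

# Constructed mapping, one entry per line: proto:port:internal_host
FORWARDS="tcp:80:192.168.1.100
tcp:110:192.168.1.101"

# Accept only decimal ports in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules MAPPING: emit the rule set; malformed entries are skipped
# with a message on stderr so they never reach a generated command line.
gen_rules() {
    # Drop anything not explicitly forwarded; allow replies to flows we accepted.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$1" | while IFS=: read -r proto port host; do
        [ -n "$proto" ] || continue
        case "$proto" in
            tcp|udp) ;;
            *) echo "skip: bad protocol '$proto'" >&2; continue ;;
        esac
        valid_port "$port" || { echo "skip: bad port '$port'" >&2; continue; }
        # Target must be a plain dotted address on the clean /24.
        case "$host" in
            ''|*[!0-9.]*) echo "skip: bad host '$host'" >&2; continue ;;
            192.168.1.*) ;;
            *) echo "skip: host '$host' not on clean side" >&2; continue ;;
        esac
        # Rewrite the destination, then allow just that new flow through.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $EXT_IP -p $proto --dport $port -j DNAT --to-destination $host:$port"
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $host -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
}

gen_rules "$FORWARDS"
```
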
