[NTLUG:Discuss] IP NAT question
Jay Urish
j at yourlinuxguru.com
Tue Sep 18 17:04:57 CDT 2001
At 04:50 PM 9/18/2001 -0500, you wrote:
>I have wanted to do similar things but you should consider using a firewall
>for how it was intended and forward only specific ports. "ipfwadm" is the
>tool I have used for that task and it works rather well. It also allows the
>flexibility to split services among several boxes using only one external IP
>address. (ex. port 80 forwards to the web server box and port 110 and 24 to
>the mail server box.)
>
>This allows the default firewall rules to protect your network better.
>Otherwise, opening up all ports...? Why not just run the ethernet straight
>to the box?
Because the box on the clean side needs access to network resources.
Believe me, I plan on filtering 99.9% of the internet out via IPchains..
I just need the functionality first.
>----- Original Message -----
>From: "Jay Urish" <j at ittotalsolutions.com>
>To: <discuss at ntlug.org>
>Sent: Tuesday, September 18, 2001 4:23 PM
>Subject: [NTLUG:Discuss] IP NAT question
>
>
> >
> > I am trying to NAT 3 routable IPs through a suse 7.2 box running kernel
>2.4.4
> > The kernel is compiled with the advanced_ip_router flag set to Y.
> >
> > I am using ipchains as well..
> >
> > Here are more detailed specs
> >
> > the box has 2 NIC's
> > eth0 is on the dirty side on a /27
> > eth1 is the clean side on a /24 (192.168.1.1)
> >
> > What I want to do is have it so I can route through the box from a dirty
>IP to
> > a clean IP. I can add ipchains rules later.
> >
> > for example:
> > 66.88.190.227 > 192.168.1.100
> >
> > I want to be able to ping that box , ftp to it etc...
> >
> > I have 3 ip's that I want to do this with.
> >
> > After spending 13 hours on this problem I haven't gained much ground.
> > I have read a zillion how-to's but still I can't gain any ground.
> >
> > I can ping the dirty ip but all I get back is
> >
> > Reply from 66.88.190.226: Destination port unreachable.
> > FYI .226 is the main ip of the box.
> >
> > Has anyone done this before?
> > I am at my wits end. I need some direction--
> >
> > TIA
> >
> > Jay Urish KB5VPS General Class ARO
> > Secretary Dallas Amateur Radio Club
> > Member: A.R.R.L, D.A.R.C, T.A.P.R, TX.VHF-FM.S
> >
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> >
>_______________________________________________
>http://www.ntlug.org/mailman/listinfo/discuss
Jay Urish KB5VPS General Class ARO
Secretary Dallas Amateur Radio Club
Member: A.R.R.L, D.A.R.C, T.A.P.R, TX.VHF-FM.S
Monitoring 145.17 443.075 PL110.9