IP Masquerade over IP Alias

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Horst von Brand: "Re: linux-2.2.11-pre7: i386 asm cleanup"
• Previous message: Mirian Crzig Lennox: "Problem getting LinkSys Combo PCMCIA EthernetCard to work on 2.2.x"

This weekend i've using ip alias to setup a firewall (now called as fw)
on my University. The idea is all my machines connected behind the fw,
and the fw had all valid IP's and redirect packs via portfw only to the
specific servers and services in the internal machines. All this
machines (internally) will have B Class reserved ip numbers, and the fw
does an masquerade of the packets to send the answers to the INet
clients.

This is my situation. I have the portfw working, all http packs (for
example) that go to 200.xxx.xxx.15 goes to my 172.18.xxx.xxx machine.
But i cannot do the reverse with the packs. I run the ipchains masq
rule, using the virtual adapter (eth4:3, for exemple), and close all
doors in the real adapter (eth4). The packs don't go back. Opening the
firewall ports, and using a packet sniffer besides the fw and the
router, i saw all packs outgoing with the ip number of my real adapter,
not with the virtual one.

This happens with all kinds of services i use, not just http.

The question: Is this a ``feature'' or a bug? If this works, sorry for
this post, and please if you know how to do this, send me in PVT, if you
wish. If this is a bug, i'll pleasured to test any workaround and/or
fix.

The system is a Slack 4.0, ipchains 1.3.8, kernel 2.2.10 all modular.

Sorry for the long mail. Flames in PVT, please.

Thanks in advance.

-- 
+-------------------------+-----------------------------------+
| Alexandre Hautequest    |  ISTM do Brasil - www.istm.com.br |
|  hquest@istm.com.br     |      Centro de Suporte Linux      |
|   Suporte Técnico       |    r Pe. Anchieta, 793 - Mercês   |
|  Linux User# 116289     |            Curitiba - PR          |
|                         |          +55 41 335-1600          |
+-------------------------+-----------------------------------+
|   --- As opiniões aqui expressas são únicas do autor, ---   |
|        --- podendo não ser as mesmas da empresa. ---        |
+-------------------------------------------------------------+
| - Alem do obvio ululante que pulula nas mentes humanas... - |
|                                                             |
|  - When I'm on the road, I'm indestructible. No one can  -  |
|                - stop me. But they try... -                 |
+-------------------------------------------------------------+

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Horst von Brand: "Re: linux-2.2.11-pre7: i386 asm cleanup"
• Previous message: Mirian Crzig Lennox: "Problem getting LinkSys Combo PCMCIA EthernetCard to work on 2.2.x"