SV: [LARTC] Packet rewriting

Linux Advanced Routing and Traffic Control

I'm not sure what you want, but here is an example:
(Assuming local net is 10.0.0.160/27)

# Accept icmp (for example ping)
ipchains -A output -p icmp -j ACCEPT

# Deny new TCP sessions to the local network (that is, no one outside
# the firewall may open web, ftp, ... connections to your local net)
# (Note the -y option: it matches only SYN packets, i.e. connection attempts)
ipchains -A output -p tcp -d 10.0.0.160/27 -y -j DENY

# Accept any TCP packets to local network
ipchains -A output -p tcp -d 10.0.0.160/27 -j ACCEPT

# Maybe you want some UDP ports open
# Accept port 4000/UDP to local network
ipchains -A output -p udp -d 10.0.0.160/27 4000 -j ACCEPT

# Deny anything else to local network
ipchains -A output -d 10.0.0.160/27 -j DENY

Regards,
Daniel

> -----Original Message-----
> From: lartc-admin@xxxxxxxxxxxxxxx
> [mailto:lartc-admin@xxxxxxxxxxxxxxx]On Behalf Of Fredrik Rambris
> Sent: Wednesday, October 25, 2000 3:31 PM
> To: Linux Advanced Routing and Traffic Control
> Subject: [LARTC] Packet rewriting
>
>
> Hello
>
> Now here's a problem I've never thought of before.
>
> We have been given a net from UUNET. The first IP address (.161) is used
> by their router (which we have no access to fiddle with). I have
> installed a firewall at .162 which will serve both as firewall and
> traffic controller. My question is how do I make the public IP addresses
> accessible from the outside and still be located behind the firewall?
> Like this
>
> [Internet]--[UU-Router.161]--[Firewall.162]
> I want to be able to put a machine behind the firewall on a public
> IP address (.163) but still protected by the firewall. I was told that
> this could be done in other firewalls by aliasing the NIC on the outside
> to all public IP addresses and then have the firewall forward these
> packets to a computer on the inside. Like port forwarding but a whole
> machine (all ports) on all protocols (under IP of course) (not blocked by
> the firewall).
>
> Is this possible with ipchains and some fancy packet rewriting?
>
> Anyone have any tips?
> --
> Admera Solution Provider AB
> Tel: 0733-850 814
> Position: 55°36´13N  13°03´36E
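The output chain Daniel posted, walked through as an added example (Python, not code from the original thread): a small simulator that applies those rules to constructed packets, showing why the -y rule has to come before the TCP ACCEPT and that traffic to destinations outside 10.0.0.160/27 falls through to the chain's default policy, which is assumed to be ACCEPT here.

```python
# Added example, not part of the mailing-list post: a minimal simulation of the
# ipchains output chain above (first-match semantics and the -y SYN-only rule).
import ipaddress

LOCAL_NET = ipaddress.ip_network("10.0.0.160/27")
# (proto, dst_net, dst_port, syn_only, target) -- one tuple per posted rule
RULES = [
    ("icmp", None, None, False, "ACCEPT"),
    ("tcp", LOCAL_NET, None, True, "DENY"),     # -y: only new-connection SYNs
    ("tcp", LOCAL_NET, None, False, "ACCEPT"),  # everything else TCP (replies)
    ("udp", LOCAL_NET, 4000, False, "ACCEPT"),
    (None, LOCAL_NET, None, False, "DENY"),     # catch-all for the local net
]

def is_syn_only(pkt):
    """ipchains -y: SYN set with ACK and FIN clear, i.e. a connection attempt."""
    flags = pkt.get("flags", set())
    return "SYN" in flags and "ACK" not in flags and "FIN" not in flags

def matches(rule, pkt):
    proto, net, port, syn_only, _ = rule
    if proto is not None and pkt["proto"] != proto:
        return False
    if net is not None and ipaddress.ip_address(pkt["dst"]) not in net:
        return False
    if port is not None and pkt.get("dport") != port:
        return False
    return not syn_only or is_syn_only(pkt)

def verdict(pkt, rules=RULES, policy="ACCEPT"):
    """Walk the chain: the first matching rule decides, else the chain policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[4]
    return policy

# Constructed sample packets leaving the firewall toward the local net.
SAMPLES = {
    "ping":          {"proto": "icmp", "dst": "10.0.0.163"},
    "inbound syn":   {"proto": "tcp", "dst": "10.0.0.163", "dport": 80, "flags": {"SYN"}},
    "reply segment": {"proto": "tcp", "dst": "10.0.0.163", "dport": 34567, "flags": {"SYN", "ACK"}},
    "udp 4000":      {"proto": "udp", "dst": "10.0.0.163", "dport": 4000},
    "udp dns":       {"proto": "udp", "dst": "10.0.0.163", "dport": 53},
    "other dest":    {"proto": "tcp", "dst": "192.0.2.10", "dport": 80, "flags": {"SYN"}},
}

def run_samples():
    """Verdict per sample; 'other dest' shows fall-through to the chain policy."""
    return {name: verdict(pkt) for name, pkt in SAMPLES.items()}
```

Swapping the two TCP rules would let the plain ACCEPT match first and silently make the -y DENY unreachable, which is the ordering mistake the simulator makes visible.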
