Re: Router for giving more than 1 ip

Linux Advanced Routing and Traffic Control

 : Hi, I have a debian box working as a router.. it works quite well, now I
 : want to give more than 1 ip.. is it possible to do it?

You want to host more than one IP on your box?  Easily done.

# ip addr add $SECONDARY_OUTSIDE_IP/32 dev eth1

 : some of them must be an open ip.. I mean.. all ports opened, is it
 : possible? how should I do it?

Sure, it's possible*.  Note, though, that in this command, you have not
specified a destination address on these DNAT commands, so you'll need to
change them.

 : iptables -t nat -A PREROUTING \
 : -i eth1 -p tcp --dport 110 -j DNAT --to 192.168.0.16:25

This should be something more like this:

  iptables -t nat -A PREROUTING -j DNAT --to 192.168.0.16:25 \
    -i eth1 -p tcp --dport 110 -s 0/0 -d $PRIMARY_OUTSIDE_IP

 : iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE

If you wish to have more control over the source address of these packets,
you can use "-j SNAT --to $PRIMARY_OUTSIDE_IP".

[ many DNAT commands snipped ]

* in order to open all ports to a given internal IP, try the following:

  iptables -t nat -A PREROUTING -j DNAT --to $GAPING_SECURITY_HOLE \
    -i eth1 -s 0/0 -d $SECONDARY_OUTSIDE_IP

That should do it!  Be forewarned that application layer protocols which
embed network layer information in their messages will be
confused; consider the usual NAT problems with FTP.

Best of luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
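The per-address forwarding Martin describes, as an added example that is not part of the original thread: each DNAT rule matches the outside address with `-d` so rules for the primary and secondary IPs cannot collide, and each gets a matching FORWARD accept, which a DNAT rule alone does not give you when the FORWARD policy is DROP. The addresses 203.0.113.x are constructed; `WAN_IF` and `DRY_RUN` are this script's own knobs, not from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Emits or runs the rules for
# hosting an extra outside IP on eth1 and forwarding one of its ports inside.
# DRY_RUN=1 (the default) prints each command instead of executing it.
DRY_RUN=${DRY_RUN:-1}
WAN_IF=${WAN_IF:-eth1}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# add_outside_ip IP -- host an additional public address on the WAN interface
add_outside_ip() {
    run ip addr add "$1/32" dev "$WAN_IF"
}

# forward_port OUTSIDE_IP PROTO OUTSIDE_PORT INSIDE_IP INSIDE_PORT
# The PREROUTING rule rewrites the destination only for packets addressed
# to OUTSIDE_IP; the FORWARD rule permits the rewritten flow, since with a
# DROP policy the DNAT'd packet would otherwise be discarded.
forward_port() {
    out_ip=$1; proto=$2; out_port=$3; in_ip=$4; in_port=$5
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" \
        -d "$out_ip" --dport "$out_port" \
        -j DNAT --to-destination "$in_ip:$in_port"
    run iptables -A FORWARD -i "$WAN_IF" -p "$proto" \
        -d "$in_ip" --dport "$in_port" -m state --state NEW -j ACCEPT
}

# snat_out OUTSIDE_IP -- fixed source address for outbound traffic, the
# "-j SNAT" alternative to MASQUERADE mentioned in the reply
snat_out() {
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to-source "$1"
}

# Constructed scenario: 203.0.113.10 is the secondary outside IP; port 110
# on it is forwarded to the inside mail host's port 25, as in the thread.
add_outside_ip 203.0.113.10
forward_port 203.0.113.10 tcp 110 192.168.0.16 25
snat_out 203.0.113.9
```

Run with `DRY_RUN=0` as root to apply the rules; `iptables -t nat -L PREROUTING -n` should then show each DNAT rule with its own outside address in the destination column.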
