RE: static routing

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


	Hello Brian ,

On Fri, 28 Jul 2000, Brian Klug wrote:
> Jason, that worked pretty well.

> I can access that interface from all 4 ip's now.  Looks like I'm half
> done.
> I tried the next step myself.  I'm actually using the older IPFWADM
> program for my masquerading.
	This is cool .
	Ipfwadm ?  Under which kernel version ?
	I am not sure if it works properly under 2.2 or greater ,
	though there are far wiser heads than I on that score .

> I just did:
> # ipfwadm -F -i accept -S 64.50.146.19 -D 192.168.1.2
> # ipfwadm -F -i accept -S 64.50.146.20 -D 192.168.1.3
> # ipfwadm -F -i accept -S 64.50.146.21 -D 192.168.1.4
> # ipfwadm -F -l -n
> IP firewall forward rules, default policy: deny
> type  prot source               destination          ports
> acc   all  64.50.146.19         192.168.1.2          n/a
> acc   all  64.50.146.20         192.168.1.3          n/a
> acc   all  64.50.146.21         192.168.1.4          n/a
> acc/m all  192.168.1.0/24       0.0.0.0/0            n/a
> # 
> It looks like it works magically -- that is, it looks like anything coming
> in from 64.50.146.19 would be sent to 192.168.1.2, etc.
> 
> But when I telnet to 64.50.146.19 I get the login MOTD for the
> 64.50.146.18 box.  So close :)
	That sounds -very- familiar .  But, do keep at it; if this can
	do the trick it will have a great deal of application to another
	area I am working in .  Tnx ,  JimL

> Brian

> PS: After I wrote this mail, I'm now unable to access the box at all.
> The telnet MOTD is displaying really slow, well no, now the box is
> refusing all connections.  I assume the CPU is busy routing IP traffic
> to itself or something equally uninteresting.
	Drats .

> No big deal, I'll just see what I did to the box when I get home.
> Actually, I think I know what I did wrong.  I had the wrong concept of
> how ipfwadm instructs the kernel to forward packets.  I must have had it
> backwards, or approaching it the wrong way.
	Nah ,  'should not' be the case .  Old story ,  "If it worked once
	then should work always .  Only way behaviour 'should' change
	is if something was changed ."  Tis cool though , Please keep
	us informed .  Twyl,  JimL

       +----------------------------------------------------------------+
       | James   W.   Laferriere | System  Techniques | Give me VMS     |
       | Network        Engineer | 25416      22nd So |  Give me Linux  |
       | babydr@baby-dragons.com | DesMoines WA 98198 |   only  on  AXP |
       +----------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOYHpA9bsrYDRJjJBEQLt9ACeM3iffodYRQQZdR/CROMvfmi+rQYAnimt
G1CfZeysGq02vjiM5Pwn4PDS
=bEau
-----END PGP SIGNATURE-----
 
