Hi Ashe,

> I have set up a very basic firewall for our system.
> We have 126 addresses to be used to/from the outside world (204.48.178.0/25)
> and are using 10.x numbers on the inside.
>
> It is working almost as I expected except for the following. The DNAT
> connections come into the system fine but are seen as originating from the
> eth0 interface rather than their eth0:x interface. So, when attaching to a linux
> cpu with ssh I am needing to place the ip# for the eth0 interface in the
> hosts.allow file rather than the much more restrictive eth0:x ip#. Can it be set
> up so the connection is between the external eth0:x ip# and its linked internal
> ip#?

You could try:

    route add <internal-server-10.0.0.x> dev eth0 \
        gw <address-of-eth0:x>

Using an address of your own box as the gateway of a route will cause
locally-generated traffic going down that route to come from that address,
instead of the default address on the device.

This should mean that the masquerading uses that address too, but I haven't
tested it.

Cheers, Chris.
-- 
 ___ __ _
/ __// / ,__(_)_ | Chris Wilson -- UNIX Firewall Lead Developer |
/ (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
\ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |