On Wed, 15 Sep 2004 menonrr@xxxxxxxxxxxx wrote:

> Hello,
>
> I did the 'ip addr' command. The result is as follows:
>
> [root@localhost root]# ip addr
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
>
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:60:97:df:8a:82 brd ff:ff:ff:ff:ff:ff
>     inet 172.16.4.2/24 brd 172.16.4.255 scope global eth0
>
> 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:06:5b:b5:86:a9 brd ff:ff:ff:ff:ff:ff
>     inet 172.16.3.10/24 brd 172.16.3.255 scope global eth1
>
> Issue:
>
> Is there a way so that I can forward the packets from the 172.16.4.0
> network without having its IP address changed to 172.16.3.10, which is
> the so-called "external interface" for me?
>
> Network set up: (Strictly private)
>
> The redhat 9 gateway forwards traffic between two private networks. The
> network topology goes like this:
>
> 172.16.8.0/24 ------------ router ----------- 172.16.3.0/24 ------- | Redhat 9 | ------- 172.16.4.0/24
>
> This is a strictly private network setup for doing some tests.

You said you wanted the router/firewall to masquerade as the 172.16.3 address, for systems on the 172.16.4 network. You appear to have the correct POSTROUTING line.

The "ip addr add" line I gave does not replace the IP of the "external" interface. It adds an additional, aliased IP to that interface.
If you use the "ip addr add" command that I gave you, then just run "ip addr" from the command line, you should see that the external interface now has two IP addresses attached to it, like so (on my own firewall):

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:20:af:6b:27:11 brd ff:ff:ff:ff:ff:ff
    inet 69.212.163.242/29 brd 69.212.163.247 scope global eth0
    inet 69.212.163.241/32 scope global eth0
    inet 69.212.163.243/32 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:60:67:70:7c:7e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.9/24 brd 192.168.0.255 scope global eth1

Note that my external interface, eth0 in my case, has 3 IPs. The first IP includes the appropriate netmask, as assigned me by my ISP. The additional IPs are single IPs, assigned to the interface.

The firewall will act on packets destined for those IPs, according to my firewall rules, and using POSTROUTING lines like the one you set up, masquerade outbound connections as one of those IPs.

The point is that if your firewall doesn't have the IP, in question, assigned to its external interface, it can't masquerade as that IP. Period.

--
Mike Burger
http://www.bubbanfriends.org
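
Added example, not part of the original message: a shell check for the condition the reply describes, that every address a POSTROUTING SNAT rule rewrites to is actually assigned to the rule's outgoing interface. The alias 172.16.3.20, the unassigned 172.16.3.30, both SNAT rules and the function names are constructed for illustration; on a live gateway the two inputs would come from `ip addr` and `iptables-save -t nat`.

```sh
# Constructed `ip addr` output, modelled on the eth0/eth1 blocks quoted in the
# thread, plus one assumed alias address (172.16.3.20) on eth1.
SAMPLE_IP_ADDR='2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:60:97:df:8a:82 brd ff:ff:ff:ff:ff:ff
    inet 172.16.4.2/24 brd 172.16.4.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:06:5b:b5:86:a9 brd ff:ff:ff:ff:ff:ff
    inet 172.16.3.10/24 brd 172.16.3.255 scope global eth1
    inet 172.16.3.20/32 scope global eth1'

# Constructed nat-table rules in iptables-save format (assumed, not from the thread).
SAMPLE_NAT_RULES='*nat
-A POSTROUTING -s 172.16.4.0/24 -o eth1 -j SNAT --to-source 172.16.3.20
-A POSTROUTING -s 172.16.4.0/24 -o eth1 -j SNAT --to-source 172.16.3.30
COMMIT'

# list_addrs IP_ADDR_OUTPUT -> one "iface address" pair per line (IPv4 only).
list_addrs() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+: /  { iface = $2; sub(/:$/, "", iface); sub(/@.*/, "", iface) }
        $1 == "inet" { split($2, a, "/"); print iface, a[1] }'
}

# unassigned_snat IP_ADDR_OUTPUT NAT_RULES -> "iface address" for each SNAT
# --to-source address that is not assigned to the rule's -o interface.
unassigned_snat() {
    addrs=$(list_addrs "$1")
    printf '%s\n' "$2" | ADDRS="$addrs" awk '
        BEGIN {
            n = split(ENVIRON["ADDRS"], l, "\n")
            for (i = 1; i <= n; i++) have[l[i]] = 1
        }
        /-j SNAT/ {
            out = ""; src = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "--to-source") src = $(i + 1)
            }
            sub(/[-:].*/, "", src)      # drop an address-range or port suffix
            key = out " " src
            if (out != "" && src != "" && !(key in have)) print key
        }'
}

# Report rules whose source address the gateway does not hold.
unassigned_snat "$SAMPLE_IP_ADDR" "$SAMPLE_NAT_RULES"
```
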