Re: iptables firewall and forwarding.

From: Seth Arnold (sarnold@wirex.com)
Date: 10/22/02


Date: Mon, 21 Oct 2002 21:29:11 -0700
From: Seth Arnold <sarnold@wirex.com>
To: focus-linux@securityfocus.com


On Fri, Oct 18, 2002 at 12:07:47PM -0400, Sheldon Lee Wen wrote:
> The dev servers are on network xxx.xxx.xxx.xxx and the developer workstations
> are on yyy.yyy.yyy.yyy

> However, the development servers used to be on the yyy.yyy.yyy.yyy and
> the raptor firewall has been forwarding their old yyy.yyy.yyy.yyy
> addresses to the xxx.xxx.xxx.xxx addresses, but the raptor firewall is
> not the router or gateway for the yyy.yyy.yyy.yyy network. So, I'm not
> sure how I can do that on Linux. Has the raptor firewall been acting
> as a router as well? Do I need routed on Linux?

I _think_ what you've described is done through DNS; do your development
workstations try to access foo.bar.internal.address or do they try to
access 10.2.4.5 or something? If the former, then this is very easy DNS
stuff. If the latter, then you should ask your employees to learn the
new IP addresses of the servers. :)

You may like to google for BIND HOWTO; I think it is probably the
solution to this problem.

Cheers

-- 
http://immunix.org/