Re: iptables firewall and forwarding.

From: Devdas Bhagat (dvb@users.sourceforge.net)
Date: 10/22/02


Date: Tue, 22 Oct 2002 12:20:21 +0530
From: Devdas Bhagat <dvb@users.sourceforge.net>
To: Sheldon Lee Wen <sheldon.leewen@cgi.com>

On 18/10/02 12:07 -0400, Sheldon Lee Wen wrote:
> The dev servers are on network xxx.xxx.xxx.xxx and the developer workstations
> are on yyy.yyy.yyy.yyy
Assuming developer workstations on 192.168.0.1/24 and servers on
10.0.0.1/24.
 
> I have the box on both networks and masquerading, so that you can go from the
> developer workstations to the development servers. However, the development
> servers used to be on the yyy.yyy.yyy.yyy and the raptor firewall has been
> forwarding their old yyy.yyy.yyy.yyy addresses to the xxx.xxx.xxx.xxx
> addresses, but the raptor firewall is not the router or gateway for the
> yyy.yyy.yyy.yyy network. So, I'm not sure how I can do that on Linux. Has the
This sounds like the Raptor box was performing static NAT for the
10.0.0.1/24 network, so that 192.168.1.129 maps to 10.0.0.129.
To achieve the same effect, you can alias IP addresses on the Linux
box with ifconfig eth0:<string> <ipaddress>. Then set up static NAT rules
to forward the packets correctly.

> raptor firewall been acting as a router as well? Do I need routed on Linux?
You don't need routed. You need routed/zebra when you want to use dynamic
routing. In most cases, static routes are sufficient with IP forwarding
enabled (sysctl -w net.ipv4.ip_forward=1).

Devdas Bhagat
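
The alias-plus-static-NAT setup described in the reply above, as an added example that is not part of the original message: the script only prints the commands for each old address so they can be reviewed before use. It assumes that eth0 faces the workstation network, that the old addresses are 192.168.1.N and the real servers 10.0.0.N (the 192.168.1.129 to 10.0.0.129 mapping from the reply), and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: emit (not run) the commands for a 1:1 static NAT.
# Assumptions, not from the original post: eth0 faces the workstation LAN,
# old addresses are 192.168.1.N, real servers are 10.0.0.N.

OLD_PREFIX=${OLD_PREFIX:-192.168.1}
NEW_PREFIX=${NEW_PREFIX:-10.0.0}
LAN_IF=${LAN_IF:-eth0}

# valid_octet N: succeed only for a usable host octet (1-254, no leading zero).
valid_octet() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -ge 1 ] && [ "$1" -le 254 ]
}

# static_nat_cmds N...: print the commands mapping OLD_PREFIX.N to NEW_PREFIX.N.
static_nat_cmds() {
    # Validate everything first so a bad argument never yields a partial rule set.
    for n in "$@"; do
        valid_octet "$n" || { echo "bad host octet: $n" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    for n in "$@"; do
        old="$OLD_PREFIX.$n"
        new="$NEW_PREFIX.$n"
        # Alias the old address so this box answers ARP for it on the LAN.
        echo "ifconfig $LAN_IF:$n $old netmask 255.255.255.0 up"
        # Inbound: rewrite the old destination to the server's real address.
        echo "iptables -t nat -A PREROUTING -d $old -j DNAT --to-destination $new"
        # Outbound: connections the server starts keep its old address.
        echo "iptables -t nat -A POSTROUTING -s $new -o $LAN_IF -j SNAT --to-source $old"
    done
}
```

After sourcing the file, `static_nat_cmds 129 130` lists the commands for two servers; piping that output to `sh` as root applies them.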
