Re: Masquerading problem
Keith Owens (kaos@ocs.com.au)
Fri, 07 Mar 1997 12:24:01 +1100
On Thu, 6 Mar 1997 12:00:14 -0500 (GMT),
<msmith@quix.robins.af.mil> wrote:
> ipfwadm -F -a mas -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth0
>
>telnet from 192.168.1.2 to 137.244.x.x does nothing.
>
>Then I replace this rule with:
>
> ipfwadm -F -a mas -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth1
>
>Everything works as expected. But eth1 is the external interface.
>Is this correct? I expected it to be the opposite.
Originally, firewall forwarding rules specified the interface the packet
came in on. This was a mistake; it makes more sense for forwarding to
specify the interface you go out on. You can have packets arriving on
multiple internal interfaces, but you forward out via one interface.
From a dim, distant memory, the change was somewhere in 1.3.5x. -I and
-O still specify their respective interfaces.