ipchains configuration

DEMERRE DIETER (EXT.Dieter.Demerre@siemens.be)
Fri, 12 Nov 1999 07:52:34 +0100


Hi,

I'm setting up a double network and a connection to the Internet.
Configuration:

capone
||
(192.168.127.100)
|
|
(192.168.127.254)
||
bugsy====(cc1.cc2.cc3.123)--------(cc1.cc2.cc3.254)===Internet
||
(192.168.128.254)
|
|
(192.168.128.201)
||
masters

(net1 == utp == 192.168.127.*)
(net2 == bnc == 192.168.128.*)

I want masters and capone to see each other, and them to be
able to reach the internet through masquerading.
I set up the following ipchains configuration on bugsy:

ipchains -P forward ACCEPT
ipchains -A forward -s capone -d bnc/24
ipchains -A forward -s masters -d utp/24
ipchains -A forward -s capone -j MASQ
ipchains -A forward -s masters -j MASQ

I'm now able to ping between masters and capone and they both
can reach the internet, but when I do an ssh from masters to
capone, close it down and reopen it, then capone responds last
login from bugsy. Which makes me conclude NO forwarding is
performed WITHOUT masquerading between capone and masters.

Any explanation?

I also wanted to add some more security through the -i flag, but
I wasn't able to perform this. The rule apparently was accepted,
but then the packages didn't go through at all anymore...

I tried

ipchains -P forward ACCEPT
ipchains -A forward -i eth0 -s capone -d bnc/24
ipchains -A forward -i eth1 -s masters -d utp/24
ipchains -A forward -i eth0 -s capone -j MASQ
ipchains -A forward -i eth1 -s masters -j MASQ

* Greetings from - Groetjes vanwege *
Dieter Demerre ----- ddemerre@acm.org
http://www.angelfire.com/de/ddemerre/
pgp:ddemerre@acm.org<-idap://certserver.pgp.com
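
Added example, not part of the original message: a small first-match walk of the forward chain, using ipchains' documented behaviour that a rule without -j only updates its counters and does not decide the packet's fate. The name table and the WITH_ACCEPT ruleset are assumptions made for illustration, built from the addresses in the diagram above.

```python
import ipaddress
import shlex

# Constructed stand-in for the poster's host/network names (addresses from the diagram).
NAMES = {"capone": "192.168.127.100/32", "masters": "192.168.128.201/32",
         "utp/24": "192.168.127.0/24", "bnc/24": "192.168.128.0/24"}

def parse(line):
    """Turn one 'ipchains -A forward ...' line into its -s/-d networks and -j target."""
    tok = shlex.split(line)
    opts = {tok[i]: tok[i + 1] for i in range(3, len(tok) - 1, 2)}
    def net(flag):
        # A missing -s/-d matches any address.
        value = opts.get(flag, "0.0.0.0/0")
        return ipaddress.ip_network(NAMES.get(value, value))
    return {"src": net("-s"), "dst": net("-d"), "target": opts.get("-j")}

def fate(rules, src, dst, policy="ACCEPT"):
    """Walk the chain in order and return (verdict, rules that only counted the packet)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    counted = []
    for number, rule in enumerate(map(parse, rules), 1):
        if s in rule["src"] and d in rule["dst"]:
            if rule["target"]:
                return rule["target"], counted  # first rule with a target decides
            counted.append(number)              # no -j: accounting only, keep walking
    return policy, counted

# The forward rules exactly as posted (the -P policy is passed as 'policy').
AS_POSTED = [
    "ipchains -A forward -s capone -d bnc/24",
    "ipchains -A forward -s masters -d utp/24",
    "ipchains -A forward -s capone -j MASQ",
    "ipchains -A forward -s masters -j MASQ",
]

# Assumed variant: the same rules with an explicit target on the internal pair.
WITH_ACCEPT = [
    "ipchains -A forward -s capone -d bnc/24 -j ACCEPT",
    "ipchains -A forward -s masters -d utp/24 -j ACCEPT",
    "ipchains -A forward -s capone -j MASQ",
    "ipchains -A forward -s masters -j MASQ",
]

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("with ACCEPT", WITH_ACCEPT)):
        print(label, fate(rules, "192.168.128.201", "192.168.127.100"))
```

In the posted ruleset the masters-to-capone packet is only counted by rule 2 and then masqueraded by rule 4, which is consistent with capone logging the session as coming from bugsy.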