On Thu, 19 Mar 1998, Bruce Tong wrote:
> Once part of the kernel, you can enable IP Masq. (It's part of the
> Firewall stuff, but I'm not certain exactly what the relationship is.)
Masq is a special mode for forwarding rules.

So assuming that your internal network is 192.168.100.0/24, then you would do
something like this:

# set default forwarding policy to deny.
/sbin/ipfwadm -F -p deny
# clear out ruleset. (if using input and accounting sets add lines for
# -I/-A)
/sbin/ipfwadm -F -f
# masq the internal network.
# add -o to debug -> this prints matched packets to klogd/syslogd.
/sbin/ipfwadm -F -a accept -m -S 192.168.100.0/24 

I'd suggest putting this into say /etc/rc.d/rc.ipfwadm, and adding a line
like /etc/rc.d/rc.ipfwadm in /etc/rc.d/rc.local
(After chmod a+x /etc/rc.d/rc.ipfwadm)

Another nice trick would be transparent proxying http traffic:
# input rule: force all http access from the local net through the proxy.
# The proxy runs on port 8080 on the router box.
/sbin/ipfwadm -I -a accept -S 192.168.100.0/24 -D 0.0.0.0/0 80 -r 8080

And one last thing would be IP accounting: You want to know who is causing
the IP traffic:
# add traffic counter for 192.168.100.1
/sbin/ipfwadm -A -a -S 192.168.100.1/32 

(You can even put in a loop like this:)
# create traffic counters for 1, 3, and 5-8:
for i in 1 3 5 6 7 8
do
  /sbin/ipfwadm -A -a -S 192.168.100.$i/32
done

Andreas
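The rules from the mail above collected into one reviewable rc.ipfwadm-style script, as an added example (not Andreas's own script). It defaults to a dry run that only prints the ipfwadm commands; the IPFWADM variable, the function names and the "1 3 5-8" host-range syntax are assumptions for this example.

```shell
#!/bin/sh
# Builds the ipfwadm ruleset from the mail as printed commands you can
# review first. IPFWADM defaults to "echo /sbin/ipfwadm" (dry run); set
# IPFWADM=/sbin/ipfwadm on the router box to actually apply the rules.
IPFWADM="${IPFWADM:-echo /sbin/ipfwadm}"

# Forwarding chain: default policy deny, flush, then masquerade only the
# internal net so anything else hitting the router is dropped by policy.
masq_rules() {
    net="$1"
    $IPFWADM -F -p deny
    $IPFWADM -F -f
    $IPFWADM -F -a accept -m -S "$net"
}

# Input chain: redirect port-80 traffic from the net to the local proxy port.
proxy_rule() {
    net="$1"; proxy_port="$2"
    $IPFWADM -I -a accept -S "$net" -D 0.0.0.0/0 80 -r "$proxy_port"
}

# Expand a host spec such as "1 3 5-8" into "1 3 5 6 7 8" (last octets).
expand_hosts() {
    out=""
    for spec in $1; do
        case "$spec" in
            *-*) lo="${spec%-*}"; hi="${spec#*-}"; i="$lo"
                 while [ "$i" -le "$hi" ]; do out="$out $i"; i=$((i + 1)); done ;;
            *)   out="$out $spec" ;;
        esac
    done
    echo "${out# }"
}

# Accounting chain: one traffic counter per host under the given prefix.
acct_rules() {
    prefix="$1"
    for i in $(expand_hosts "$2"); do
        $IPFWADM -A -a -S "$prefix.$i/32"
    done
}

# Stand-alone run: print the full ruleset for the network used in the mail.
masq_rules 192.168.100.0/24
proxy_rule 192.168.100.0/24 8080
acct_rules 192.168.100 "1 3 5-8"
```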


