
non-masquerading firewall - Linux Setup, Configuration & Administration


  1. #1

    non-masquerading firewall

    I have built a number of NAT systems in several countries, which use
    reserved IP addresses for their masqueraded networks (192.168.0.0/16,
    10.10.0.0/16, etc.). I am familiar with IP tables.

    Now I would like to build a system that would just forward packets from
    eth0 to eth1. Both NICs would operate in the same IP block.
    That would give me an opportunity to filter out undesirables in both
    directions, while making all my machines visible from outside.

    I looked over HOWTO's and miniHOWTO's, but they all deal with NAT systems,
    not just strict forwarding.

    Before I start reinventing the wheel, I would like to see some solutions
    already available in the public domain.
    Could anyone please point me to a source of info on this subject?

    Thanks


    Frank Bures, <utoronto.ca>


    FEEB Guest

  2. #2

    Re: non-masquerading firewall

    On Thu, 29 Jan 2004 15:27:08 -0500 (EST), "FEEB" <utoronto.ca>
    wrote:
     

    It seems to me that this is simpler than you think.

    If you aren't doing NAT, then you just need ACCEPT or DROP rules. As for
    forwarding, you leave that up to the Linux TCP/IP stack by setting the
    /proc/sys/net/ipv4/ip_forward value to 1.

    --
    Lew Pitcher
    IT Consultant, Enterprise Technology Solutions
    Toronto Dominion Bank Financial Group

    (Opinions expressed are my own, not my employers')
    Lew Guest

  3. #3

    Re: non-masquerading firewall

    On Thu, 29 Jan 2004 20:54:04 GMT, Lew Pitcher wrote:
     
    >It seems to me that this is simpler than you think.
    >
    >If you aren't doing NAT, then you just need ACCEPT or DROP rules. As for
    >forwarding, you leave that up to the Linux TCP/IP stack by setting the
    >/proc/sys/net/ipv4/ip_forward value to 1.

    So, you just assign those two NICs two different IP addresses from the
    same IP block?


    Frank Bures, <utoronto.ca>


    FEEB Guest
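
The approach from reply #2 (plain ACCEPT/DROP rules with no NAT, plus `ip_forward` set to 1), written out as an added example that is not part of the original thread. Assumptions not taken from the posts: eth0 faces outside and eth1 faces the protected hosts, 192.0.2.10 is a constructed documentation address for a published web server, SSH administration comes only from the inside, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: filter-only ruleset (no nat table) for a routing firewall.
OUT_IF=eth0          # assumed outside interface
IN_IF=eth1           # assumed inside interface
WEB_HOST=192.0.2.10  # constructed address of a host published to the outside

# Print the ruleset in iptables-restore format on stdout.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $IN_IF -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $IN_IF -o $OUT_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $OUT_IF -o $IN_IF -d $WEB_HOST -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "fwd-drop: "
COMMIT
EOF
}

# Check before loading: no NAT targets anywhere, FORWARD defaults to DROP.
check_ruleset() {
    rules=$(gen_ruleset)
    echo "$rules" | grep -Eq '^\*nat|MASQUERADE|SNAT|DNAT' && return 1
    echo "$rules" | grep -q '^:FORWARD DROP' || return 1
    return 0
}

# Load the filter rules first, then enable routing, so that packets are
# never forwarded unfiltered. Requires root.
apply_ruleset() {
    check_ruleset || return 1
    gen_ruleset | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Default action only prints the ruleset; pass --apply to load it.
if [ "${1:-}" = "--apply" ]; then
    apply_ruleset
else
    gen_ruleset
fi
```

Because the FORWARD policy is DROP, anything not matched by an ACCEPT rule is logged and discarded in both directions.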
