[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: no private network - rule help - FAQ candidate response
From:       Carson Gaspar <carson () taltos ! org>
Date:       2003-01-24 5:55:44
[Download RAW message or body]



--On Thursday, January 23, 2003 7:45 PM -0700 Ryan Courtnage 
<rcourtna@verity.com> wrote:

> This box is equiped with only 1 nic, so there is no private network behind
> it.
> Can ipfilter move traffic on this box (ie: 172.29.90.38) to it's neighbour
> (ie: 172.29.90.39)??
> If so, what would my rules look like?

The RDR is easy. The question is, how do you get 172.29.90.39 to route all 
replies via 172.29.90.38? If nothing is ever supposed to talk directly to 
172.29.90.39, you can set it's default router to be 172.29.90.38, and 
everything should be fine. Add specific routes to internal networks if 
desired.

If you don't want to do that, and if you don't care about source IP 
addresses being real, you can do the following (assuming an interface of 
eth0):

# Redirect HTTP traffic to 172.29.90.38
rdr eth0 172.29.90.38/32 port 80 -> 172.29.90.39/32 port 80 tcp
# Map source addresses of HTTP traffic to 172.29.90.39.
# Forces replies to come through us.
map eth0 from 0/0 to 172.29.90.39/32 port = 80 -> 10.1.0.0/16 portmap tcp 
1024:60000

Then set a route on 172.29.90.39 for destination 10.1.0.0/16 of gateway 
172.29.90.38


[prev in list] [next in list] [prev in thread] [next in thread]