This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

newbie: Masquerading

Hi
I am new in handling of firewalls. I have a private network, on 192.168.100.x and my firewall is 192.168.100.251.
of course the firewall is the only pc connected to the internet and that's why I have to masquerade my private-ip's.
earlier, I wrote an ipchains-firewall-script, there was the chain:
ipchains -A input forward -i $External_Interface -s $Lan_1 -j MASQ
-> so I tried to set up with DNat/SNat:
Source: Any
Destination: External_Interface
Service: No change
Change source to: No Change
Change destination to: Internal_Interface
Service: No Change.

Unfortunately It doesn't work and I don't see why. So it sees, I am not thinking logical enough... Do I have also make a routing modification?

I hope on responses, thanks and greets.
mirco

This thread was automatically locked due to age.

0 JimmyM over 22 years ago

Dont choose the DNAT/SNAT rule type. Choose the Masquerading rule type and then MASQ your internal network to your external interface.

Create a packet filter rule.
Source: Internal_net
Service: Any
Destination: Any
Action: Allow

That should do it..
Cancel
Vote Up 0 Vote Down

Cancel
0 mirco over 22 years ago

I forgot to explain, that I allowed everything (any) in the filter-rules.
hope, it helps...
Cancel
Vote Up 0 Vote Down

Cancel
0 madperk over 22 years ago

Make a Masquerading rule.  when creating the rule the network should be the internal network and the interface should be the external interface. when you are done it should look something like this
LAN_10   eth0_10_Network__ -> All / All   MASQ__eth1_109   None
you will also need to make a packet filter rule that allows traffic on your internal network to got out.
Cancel
Vote Up 0 Vote Down

Cancel