Subject: Re: [fw-wiz] NAT
From: Paul D. Robertson (probertsclark.net)
Date: Wed Apr 26 2000 - 16:10:16 CDT


On 24 Mar 2000, Alexandre A. Rodioukov wrote:

> I think the thing I'm looking for is static NAT. Unfortunately my
> first attempts to make NAT work were done on a Linux system (it
> seems to me that the level of support of NAT in Linux is not that
> great). What I wanted to do is for outsiders to be able to access some
> machines/services inside the network via real-IPs (machines by
> themselves are assigned fake addresses). Also it would be kinda great
> if some outgoing connections from internal net would be seen as they
> are from mapped to the originator address real IPs. (hope that makes
> sense). Small diagram:

I'm sure this is doable with Linux with some masquerading for the
internal to external connections and masquerading or redirection for the
external to internal ones. You could also proxy the connections and/or
use a transport layer tunnel like plug-gw and udprelay.

The IP Chains HOWTO covers redirection and masquerading; IP aliasing on
the external interface would allow you to do this with multiple addresses.

As well as reading the IPChains HOWTO, you might want to look at:

http://linas.org/linux/load.html

It's also trivially doable with IPFilter running under one of the BSDs,
which tends to be my recommendation these days (I chose NetBSD/IPFilter
last time I had to do one of these, Free- or Open- would work equally
well.)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
probertsclark.net which may have no basis whatsoever in fact."
                                                                     PSB#9280