[plug] Accessing the net via my firewall

Bill Kenworthy billk at iinet.net.au
Sun Nov 11 18:13:41 WST 2001


ipmasq is the process of allowing a computer inside a firewall to access
the network.  It basically takes packets on one interface, rewrites the
header so it appears to be coming from the firewall and lets them loose
on the net.  The reverse occurs for packets going the other way.  That's
an extremely simple explanation and there are lotsa wrinkles.  The
process uses some loadable kernel modules and either ipchains or
iptables to glue it together.  Look for the iptables/ipchains and ipmasq
howto's for the method.  Without this, packets hitting one interface on
your firewall machine have no way of passing through it.  By design,
ipmasq uses some firewall functions to implement its functionality -
for security as much as anything else.

There is also the possibility of mapping ports through from one
interface to the other using ipmasqadm (firewall stuff again), but this
is not what you need to browse the net.

Billk

On Sun, 2001-11-11 at 17:36, Russ Pitman wrote:
> On Sun, Nov 11, 2001 at 05:01:21PM +0800, connell wrote:
> > Russ
> > 	As I understand it, you use ipchains to set up your firewalling, but
> > 'ipchains forward' is your masquerading that lets your workstation
> > browser's request thru the firewall machine.  Unless you have the
> > ipchains forward command set, the browser won't make it out regardless of
> > whether you have the firewall set or not.
> > 	I am sure someone else will provide a more thorough (and more accurate)
> > explanation.
> > 
> > PaulC
> > 
> Agreed, tho I rather expected it to work without a firewall installed, just
> at the networking level.
> -- 
> 		    ----russ----
> 		    
> 
> 		    
> 
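
The header rewrite described in the message above, as an added example that is not part of the original thread: a toy Python model of the masquerade table, showing why replies reach the LAN host while unsolicited packets from outside do not. The class and function names, the addresses and the starting port 61000 are assumptions made for illustration; this is not kernel or ipchains code.

```python
# Added illustration: toy model of IP masquerading, not kernel code.
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Masquerader:
    def __init__(self, public_ip: str, first_port: int = 61000):
        self.public_ip = public_ip   # address of the firewall's outside interface
        self.next_port = first_port  # assumed start of the masquerade port range
        self.out = {}    # (lan ip, lan port, remote ip, remote port) -> public port
        self.back = {}   # (public port, remote ip, remote port) -> (lan ip, lan port)

    def outbound(self, p: Packet) -> Packet:
        """LAN -> net: rewrite the source so the firewall appears to be the sender."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        return replace(p, src=self.public_ip, sport=self.out[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Net -> LAN: undo the rewrite, but only for a flow a LAN host started."""
        owner = self.back.get((p.dport, p.src, p.sport))
        if p.dst != self.public_ip or owner is None:
            return None  # no matching entry: the packet is not forwarded
        return replace(p, dst=owner[0], dport=owner[1])


def demo():
    # Constructed addresses: RFC 1918 for the LAN, RFC 5737 for the "internet" side.
    fw = Masquerader("203.0.113.1")
    req = fw.outbound(Packet("192.168.1.10", 1025, "198.51.100.7", 80))
    other = fw.outbound(Packet("192.168.1.11", 1025, "198.51.100.7", 80))
    reply = fw.inbound(Packet("198.51.100.7", 80, "203.0.113.1", req.sport))
    stray = fw.inbound(Packet("198.51.100.99", 4444, "203.0.113.1", req.sport))
    return req, other, reply, stray


if __name__ == "__main__":
    for label, pkt in zip(("request", "second host", "reply", "unsolicited"), demo()):
        print(f"{label:12} {pkt}")
```

Two LAN hosts using the same source port get distinct ports on the firewall's address, which is how the reply for each finds its way back.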



