[plug] Routing
Craig Ringer
craig at postnewspapers.com.au
Tue Jun 18 19:32:30 WST 2002
> Say I have a box acting as a gateway. In that gateway (well within the
> gateway's network) I have a block of live IPs that all need access to the
> world (easy)
Live IP == world reachable (non-private) IP, e.g. not 192.168.x.x or
10.x.x.x, block assigned by ISP?
Just asking to be sure, because if you're using IP Masquerade and
private IP ranges, it's an entirely different kettle of fish.
> How do I go about allowing traffic to flow freely in and out?
It's rather more "how do I limit what traffic is passed freely in and
out" normally; your ISP should be routing all traffic to your assigned
IP block to your gateway, which by default (or as per
/proc/sys/net/ipv4/ip_forward) will route the packets to the appropriate
host on the LAN.
> Is it simply a firewall issue or something else?
Well, you'll definitely want to set up a firewall on the gateway to
police traffic and limit what can and can't pass; for normal users with
private IP blocks who use IP masq it's less of an issue since internal
hosts can't be directly attacked (having non-routeable addresses) -
you'll have to be extra careful.
If what you're trying to do is make machines reachable through a
firewall doing NAT/IPMASQ where the machines have non-routeable IPs,
that's a bit different; what you're looking for is port forwarding and
it is quite limited (e.g. only one host per port, so if you have 2
internal webservers you want accessible, one must appear as port 80 and
one as port 81 on the firewall (example port choices), e.g. forward
80->host1:80, 81->host2:80).
Sorry if this is wildly off track but the info given isn't too specific
as to the network setup and the problem.
Craig Ringer
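
Added example, not part of the original message: the two setups discussed above (routed public block with a limiting firewall, and private hosts behind masquerade with the 80->host1:80, 81->host2:80 forward) written as generators of iptables-restore input. Interface names and addresses are constructed placeholders, and the use of iptables is an assumption, since the message names no firewall tool.

```shell
#!/bin/sh
# Emits iptables-restore input on stdout; nothing is applied by this script.
# Forwarding must be enabled on the gateway (/proc/sys/net/ipv4/ip_forward = 1).
# The gateway's own INPUT/OUTPUT filtering is out of scope and left at ACCEPT.

# Case 1: LAN hosts hold public ("live") IPs. The gateway routes, and the
# FORWARD chain limits what passes: default drop, LAN may go out, and only
# one named host accepts new inbound connections on TCP 80.
# $1 = WAN interface, $2 = LAN interface, $3 = public block, $4 = web host
routed_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $2 -o $1 -s $3 -j ACCEPT
-A FORWARD -i $1 -o $2 -d $4 -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Case 2: LAN hosts hold private IPs behind masquerade. One host per
# external port: 80 -> host1:80 and 81 -> host2:80. The filter rules match
# the post-DNAT destination, so both forwards appear there as port 80.
# $1 = WAN interface, $2 = LAN interface, $3 = host1, $4 = host2
portfwd_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $1 -p tcp --dport 80 -j DNAT --to-destination $3:80
-A PREROUTING -i $1 -p tcp --dport 81 -j DNAT --to-destination $4:80
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $2 -o $1 -j ACCEPT
-A FORWARD -i $1 -o $2 -d $3 -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -i $1 -o $2 -d $4 -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}
```

The output can be checked without loading it by piping it to `iptables-restore --test` on the gateway.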