LinuxSA Mailing list archives

  From: David Rowlands <davidr@empower.com.au>
  To  : Andrew Reid <andrew.reid@plug.cx>
  Date: Thu, 31 May 2001 12:27:28 +0930

RE: ip masquerading

It's not what you missed, its what I failed to mention. I use fwtk to
forward ports from the internal exchange server to the outside world for web
email. If I DENY the exchange server, the port forwarding with fwtk stops.

-----Original Message-----
From: Andrew Reid [mailto:andrew.reid@plug.cx]
Sent: Thursday, May 31, 2001 11:55 AM
To: David Rowlands
Cc: 'linuxsa@linuxsa.org.au'
Subject: Re: ip masquerading


On 31 May 2001 10:38:50 +0930, David Rowlands wrote:

> However, I now want to have masquerading running for all IP's in the
subnet
> but 3. Using DENY won't do, since those machines still need access to the
> box doing masquerading, I just don't want their packets masqueraded. I
can't
> work out a way to use the ! (invert) work either for 3 addresses.

Assuming you're appending to the 'forward' chain, I can't see why you
couldn't use DENY. It doesn't stop the machine from accepting
connections from those IPs, but stops it from masquerading those IPs.

Or did I miss something huge and obvious?

   - andrew

-- 
Andrew Reid                   email: andrew.reid@plug.cx
                              www:   http://www.plug.cx
"A school without students    phone: +61 401 946 813
 is like an ointment
 without a fly"

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject