
7.31. (MULTIPLE IPs - DMZ segments) - I have several EXTERNAL IP addresses that I want to PORTFW to several internal machines. How do I do this?

You DON'T do this with MASQ.

MASQ is a 1:Many NAT setup, which is the wrong tool for what you are trying to do. What you are looking for is either a Many:Many NAT solution or a Bridging setup.

NOTE: Some users out there are thinking about enabling multiple IP addresses on one internal NIC using "IP Alias", then PORTFWing ALL of those ports (0-65535), and finally using IPROUTE2 to maintain the proper source/destination IP pairs. This has been done SUCCESSFULLY on 2.0.x kernels and less successfully on 2.2.x kernels. Regardless of success, that isn't the proper way to do it: it's a total HACK, and it is not a supported MASQ configuration. Please give IPTABLES on the 2.4.x kernels a serious look or, to a much lesser extent, look at IPROUTE2 (Section 7.29) for 2.2.x kernels.

Anyway, for forwarding external IP addresses to internal hosts, you basically have three possibilities:

Though this howto doesn't cover items #1 and #2 yet, email me and I can give you a hand. For item #3, this isn't IPMASQ anymore and thus I can't help you. Fortunately, there are a few HOWTOs out there on the topic:

NOTE: If you have a bridged DSL or Cablemodem connection (not PPPoE), things are a little more difficult because your setup isn't routed. No worries though, check out the Bridge+Firewall Mini HOWTO and the Bridge+Firewall+DSL Mini HOWTO. These HOWTOs will teach you how to get your Linux box to support multiple IP addresses on a single interface!
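As an added illustration of the Many:Many NAT approach with IPTABLES on 2.4.x kernels mentioned above (this script is not from the HOWTO), the following prints, without applying, a 1:1 DNAT/SNAT rule pair per external IP plus FORWARD rules that admit only named services instead of all ports 0-65535. The interface name `eth0`, the documentation-range addresses and the `proto/port` mapping format are assumptions made for the example.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that map several external
# IPs 1:1 onto internal hosts. Interface name and addresses are constructed.
EXT_IF="eth0"   # assumed external interface name

# Constructed sample mapping: external IP, internal IP, allowed inbound services
MAPPINGS="203.0.113.10 192.168.0.10 tcp/80,tcp/443
203.0.113.11 192.168.0.11 tcp/25
203.0.113.12 192.168.0.12 tcp/22,udp/53"

valid_ip() {   # dotted-quad IPv4, each octet 0..255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_svc() {  # proto/port with proto tcp|udp and port 1..65535
    case "${1%/*}" in tcp|udp) ;; *) return 1 ;; esac
    case "${1#*/}" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "${1#*/}" -ge 1 ] && [ "${1#*/}" -le 65535 ]
}

gen_nat_rules() {  # stdin: "ext int proto/port[,...]" lines; stdout: rules
    while read -r ext int services; do
        [ -n "$ext" ] || continue
        valid_ip "$ext" && valid_ip "$int" || { echo "bad mapping: $ext $int" >&2; return 1; }
        # Inbound: rewrite the destination of traffic sent to the external IP
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $ext -j DNAT --to-destination $int"
        # Outbound: the host keeps its own external IP as source address
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $int -j SNAT --to-source $ext"
        # Filter: admit only the listed services, not all ports 0-65535
        for svc in $(echo "$services" | tr ',' ' '); do
            valid_svc "$svc" || { echo "bad service: $svc" >&2; return 1; }
            echo "iptables -A FORWARD -i $EXT_IF -d $int -p ${svc%/*} --dport ${svc#*/} -m state --state NEW -j ACCEPT"
        done
    done
    # Replies to admitted connections, then drop everything else from outside
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $EXT_IF -j DROP"
}

printf '%s\n' "$MAPPINGS" | gen_nat_rules
```

The FORWARD rules match on the internal address because DNAT in PREROUTING has already rewritten the destination by the time the packet is filtered.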




Created 1996-2022 by Maxim Chirkov