* [LARTC] Packet rewriting
From: bert @ 2000-10-25 16:25 UTC (permalink / raw)
  To: lartc

<PRE>On Wed, Oct 25, 2000 at 03:31:00PM +0200, Fredrik Rambris wrote:

> [Internet]--[UU-Router.161]--[Firewall.162]
> I want to be able to put a machine behind the firewall on a public
> IP-address (.163) but still protected by the firewall. I was told that
> this could be done in other firewalls by aliasing the NIC on the outside

Are you very sure that you have not been given yet another net, and that this is
only the uplink LAN? The regular arrangement is to have two nets, and your
.162 machine in both of 'em.

If you really only have one net, you need to do proxy arp for a subnet. This
means that 162 will pretend to be all computers. You also need an extra
ethernet card.

> Is this possible with ipchains and some fancy packet rewriting?

You're not really rewriting packets, you're just passing them around. I've
built a setup like this and it works.

However, I'm not sure how you set up proxy arp in 2.2. There might be three
ways:

	1) 'arp' 
	2) 'ip neigh'
	3) '/proc/something/proxy_arp'

1) Used to work but I seem to remember that it is now deprecated
2) may work even if 1) doesn't
3) may be the 'new wave', but I'm not sure how it works.

Regards,

bert hubert

-- 
PowerDNS                     Versatile DNS Services  
Trilab                       The Technology People   
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet


</PRE>
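Added example, not part of the original message: a sketch of the single-net arrangement described above, using the 'ip neigh' route on a current Linux system, plus a check of which interfaces have the /proc proxy_arp flag set. The interface names (eth0 outside, eth1 inside), the stand-in address 192.0.2.163 and the function names are assumptions, as is the inside host using the firewall as its gateway.

```shell
#!/bin/sh
# Added example: per-host proxy ARP on a two-NIC Linux firewall.
# Assumptions (not from the original post): eth0 = outside, eth1 = inside,
# 192.0.2.163 = documentation-range stand-in for the ".163" host.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them as root.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# setup_proxy_arp OUT_IF IN_IF HOST_IP
setup_proxy_arp() {
    out_if=$1 in_if=$2 host=$3
    # Accept digits and dots only, so nothing option-like reaches the commands.
    case $host in
        *[!0-9.]*|'') echo "bad host address: $host" >&2; return 1 ;;
    esac
    # The firewall must forward between the two cards.
    run sysctl -w net.ipv4.ip_forward=1
    # Host route: the one public address lives behind the inside card.
    run ip route add "$host/32" dev "$in_if"
    # Answer ARP for that single address on the outside segment
    # (narrower than switching on proxy_arp for the whole interface).
    run ip neigh add proxy "$host" dev "$out_if"
}

# proxy_arp_ifaces [CONF_DIR]: list interfaces whose proxy_arp flag is 1.
# CONF_DIR defaults to the live sysctl tree; pass a copy for offline review.
proxy_arp_ifaces() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    for f in "$conf"/*/proxy_arp; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = 1 ] && basename "$(dirname "$f")"
    done
    return 0
}

# Print the plan for the constructed sample values (dry run by default).
setup_proxy_arp eth0 eth1 192.0.2.163
```

With the host route and proxy entry in place, traffic for the inside host is forwarded by the firewall rather than delivered directly on the outside segment, so the firewall's forward rules apply to it.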
