Hi,
This might be long and rambling, but if you've done something like this before
please drop me a line with any advice you have.
We have a Novell server with 2 network cards, addresses nov1.nov1.nov1.nov1 and
nov2.nov2.nov2.nov2 let's say. We have x machines hooked onto each network,
DOS machines which need TCP/IP routed. One of the machines on the
nov1.nov1.nov1.nov1 network is a Linux machine hooked up to an ISP. The Novell
server _does_ route IP, and that part of the setup works fine.
I want to route a packet from anywhere on both networks through the Linux
and masquerade for all of them. They are on an unroutable but valid C
network subnetted with 255.255.255.224 (the addresses are unique and real
Internet addresses that aren't routed anywhere yet).
Let's say the Linux side of the network is xxx.xxx.xxx.64 and the other
network on the LAN is xxx.xxx.xxx.32, and that the Novell server/router is on
xxx.xxx.xxx.65 and xxx.xxx.xxx.34.
First question: Are ping packets masqueraded? When we have the thing set up
right will ping work to test them with? Should I be able to ping from a DOS
client through the Linux box (masqueraded) and get something back on the DOS
client?
Second, is this what I'd do to masquerade (assuming forwarding, firewalling,
and masquerading in the kernel)?
ipfwadm -F -a masquerade -S xxx.xxx.xxx.32/27 -D 0.0.0.0
ipfwadm -F -a masquerade -S xxx.xxx.xxx.64/27 -D 0.0.0.0
I tried it, but stuff from the other LAN (the .64 LAN) doesn't get through the
Linux box. Stuff from the .32 LAN does get through, but it wasn't masq'ed so
it doesn't come back.
Do I have to add a forwarding/masquerading rule for packets with -S set to
the Novell server address?
Also, can I just do one command:
ipfwadm -F -a masquerade -S xxx.xxx.xxx.0 -D 0.0.0.0
or do I have to do it like I did above?
If I include forwarding and masquerading it _will_ apply any masquerading rules
I gave it before it forwards, right? Nothing seemed to be getting back to
us today.
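
An added example, not part of the original post: a small Python model of source-prefix matching for the two /27 LANs described above, showing which source addresses a given -S value would select and the smallest single prefix that covers both LANs. The 192.0.2. prefix is a constructed stand-in for the elided xxx.xxx.xxx, the sample host numbers are constructed, and treating a bare address as /32 is an assumption of this model, not a statement about ipfwadm.

```python
import ipaddress

# Constructed stand-in for the post's elided "xxx.xxx.xxx" prefix (documentation range).
PREFIX = "192.0.2."
LAN_A = ipaddress.ip_network(PREFIX + "32/27")  # the ".32" LAN
LAN_B = ipaddress.ip_network(PREFIX + "64/27")  # the ".64" LAN (Linux side)


def rule_matches(rule_src, packet_src):
    """Prefix match on the source address.

    Assumption of this model: a bare address with no mask means one host (/32).
    """
    net = ipaddress.ip_network(rule_src, strict=False)
    return ipaddress.ip_address(packet_src) in net


def smallest_cover(*nets):
    """Smallest single prefix that contains every given network."""
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()  # widen by one bit and try again
    return cover


def coverage(rule_src, hosts):
    """Map each sample host number to whether the rule's source selector matches it."""
    return {h: rule_matches(rule_src, PREFIX + str(h)) for h in hosts}


if __name__ == "__main__":
    # Constructed samples: .34 and .65 are the router's two addresses from the post,
    # .40 and .70 are hypothetical clients, .100 lies outside both LANs.
    samples = [34, 40, 65, 70, 100]
    rules = [
        PREFIX + "0",       # bare address, no mask
        PREFIX + "32/27",   # one rule per LAN, as in the post
        PREFIX + "64/27",
        str(smallest_cover(LAN_A, LAN_B)),
    ]
    for rule in rules:
        print(f"-S {rule:<16} {coverage(rule, samples)}")
```

The single prefix that covers both LANs is a /25, which also matches the .0 and .96 subnets, so two /27 rules select a narrower set of sources than one covering rule.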