iptables question

Bill McGonigle bill at bfccomputing.com
Sat Mar 10 19:24:44 EST 2007


On Mar 9, 2007, at 18:14, David A. Long wrote:

> I have a small sequential block of public IP addresses I would like to
> filter through to matching servers on my private network.  The iptables
> NETMAP target looks like it might do this efficiently (combined with a
> lot of other rules to filter out unwanted traffic).

Just a tip - I've done something similar many years back, but I think  
it wasn't with NETMAP - there might be another way - but:

I do remember banging my head against some 3Com switches for a couple  
hours of following docs and fiddling with rules before I realized  
both IP Forwarding and Proxy ARP had to be turned on for it to work.   
And then the first examples I tried in the initial five minutes  
worked straight away.

That was back when we were figuring out if we should have a firewall  
for our Internet connection.  These days I just set up a pfSense box  
and use 1:1 NAT for this kind of setup.

-Bill

-----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill at bfccomputing.com           Cell: 603.252.2606
http://www.bfccomputing.com/    Page: 603.442.1833
New Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
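
[Added example, not part of the original message.] A preflight check for the two settings the message names, IP forwarding and proxy ARP, plus the NETMAP rule form from the question. It assumes a Linux gateway; the interface name, the PROC_ROOT override and the address ranges are constructed for illustration, and the check covers only those two settings, not the rest of the topology.

```shell
#!/bin/sh
# Added example: verify IP forwarding and proxy ARP before adding 1:1 NAT rules.
# PROC_ROOT may point at a constructed tree for testing; default is the live kernel.
PROC_ROOT="${PROC_ROOT:-/proc/sys/net/ipv4}"

# Print the value of a sysctl file, or "missing" if it cannot be read
# (for example when the interface name is mistyped).
read_flag() {
    if [ -r "$1" ]; then tr -d '[:space:]' < "$1"; else printf 'missing'; fi
}

# nat_preflight IFACE
# Prints one line per setting that is off, with the command that turns it on.
# Returns the number of problems found (0 means both settings are on).
nat_preflight() {
    iface="$1"; problems=0
    fwd=$(read_flag "$PROC_ROOT/ip_forward")
    if [ "$fwd" != "1" ]; then
        echo "ip_forward is $fwd; fix: sysctl -w net.ipv4.ip_forward=1"
        problems=$((problems + 1))
    fi
    # The kernel treats proxy ARP as enabled on an interface when either the
    # per-interface flag or conf/all/proxy_arp is set.
    arp_if=$(read_flag "$PROC_ROOT/conf/$iface/proxy_arp")
    arp_all=$(read_flag "$PROC_ROOT/conf/all/proxy_arp")
    if [ "$arp_if" = "missing" ]; then
        echo "interface $iface not found under $PROC_ROOT/conf"
        problems=$((problems + 1))
    elif [ "$arp_if" != "1" ] && [ "$arp_all" != "1" ]; then
        echo "proxy_arp is off on $iface; fix: sysctl -w net.ipv4.conf.$iface.proxy_arp=1"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# netmap_rule IFACE PUBLIC_NET PRIVATE_NET
# Prints (does not run) the rule that maps the public block onto the private one.
netmap_rule() {
    echo "iptables -t nat -A PREROUTING -i $1 -d $2 -j NETMAP --to $3"
}

# Usage: sh preflight.sh eth0   (addresses are documentation ranges, constructed)
if [ "$#" -ge 1 ]; then
    nat_preflight "$1" && netmap_rule "$1" 203.0.113.8/29 192.168.10.8/29
fi
```
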





More information about the gnhlug-discuss mailing list