Hi,
Sorry, I am half asleep now. Don't know what exactly I am going to write. Yesterday whole night we were trying to set up a firewall. I was using iptables for the first time. Somehow got it working with the nat table. But now I have this problem. When I log on to another m/c outside the firewall it says I am from the firewall and not from the actual m/c. We have another firewall in our campus, going past which does not cause such problems. (If I am from 127.1.2.3, on the other m/c it will still show me to be from 127.1.2.3 and not from the firewall.) I think they use ipchains. Can someone tell me where to read about this kind of stuff for iptables?
I suppose you are using NAT, Network Address Translation. When any machine behind your firewall communicates, its IP address is rewritten with the firewall machine's, so it looks like all communication is done by your firewall machine.
Instead of NAT, try IP forwarding.
(I am using IPChains; it was easier to configure.)
What exactly are you trying to do? Do the machines behind the firewall have a public IP or a private IP? If they have a private IP then you will have to use NAT like you are doing, and in that case it's not possible to show the real IP to the outside world.
If you have public IPs then you will have to set up your routing tables properly to get things to pass through.
After that you should set up iptables with a good rule set to block unwanted traffic.
We have public IPs which can be seen only within campus. The main gateway does not allow them to go out (BW restriction or something). So from the dept, if they go out to campus it is fine.
The main reason is, our DHCP clients get replies from other servers and get wrong IPs. Also people spoof IPs and mount our NFS file system. So we don't want the IPs used inside to enter through the firewall.
The other firewall works without any routing. I don't know how they do it. (They gave some command like
arp -h ether -Ds ip pub). I want something like that. No one should even know what I have done (no routing changes etc.). But we should still be able to see the network as we do now and should be able to block unwanted pkts from coming in.
Sorry for this long reply. But I don't know how clear it is.
--Sarin.
NOTE: As of kernel 2.2.0 it is no longer possible to set an ARP entry for an entire subnet. Linux instead does automagic proxy arp when a route exists and it is forwarding. See arp(7) for details.
You really should add a route instead of just modifying your arp table like that.
You should really be securing your system by writing a decent ruleset for your firewall, instead of being afraid of modifying your routing tables because you don't want people to know how your traffic gets routed.
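As an added example that is not from anyone in this thread, here is what a "forward, don't NAT, and write a decent ruleset" setup looks like for the problems Sarin describes (foreign DHCP replies, spoofed internal addresses reaching NFS). The interface names and the department subnet are placeholders; the script prints the rules so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example, not from the thread: a forward-only ruleset with no NAT,
# so department hosts keep their own source address on the campus side,
# plus anti-spoofing rules for the problems described in the thread.
# Interface names and the department subnet are assumed placeholders.
EXT_IF="${EXT_IF:-eth0}"               # side facing the campus network
INT_IF="${INT_IF:-eth1}"               # side facing the department
DEPT_NET="${DEPT_NET:-10.10.0.0/24}"   # department addresses (placeholder)

# Print the rules rather than applying them, so they can be reviewed first
# and the same function can be checked without root or iptables.
build_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.rp_filter=1
iptables -F FORWARD
iptables -P FORWARD DROP
# No nat table entries at all: packets are routed, not masqueraded,
# so the campus sees the real department address.
# Anti-spoofing: nothing arriving from campus may claim a department address.
iptables -A FORWARD -i $EXT_IF -s $DEPT_NET -j DROP
# Only department addresses may leave through the department side.
iptables -A FORWARD -i $INT_IF ! -s $DEPT_NET -j DROP
# Keep foreign DHCP replies (server port 67 -> client port 68) out.
iptables -A FORWARD -i $EXT_IF -p udp --sport 67 --dport 68 -j DROP
# Keep NFS (portmapper 111, nfsd 2049) reachable only from inside.
iptables -A FORWARD -i $EXT_IF -p tcp -m multiport --dports 111,2049 -j DROP
iptables -A FORWARD -i $EXT_IF -p udp -m multiport --dports 111,2049 -j DROP
# Allow replies to connections the department opened, and all outbound traffic.
iptables -A FORWARD -i $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INT_IF -s $DEPT_NET -j ACCEPT
EOF
}

# Apply only when explicitly asked and running as root.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root to apply" >&2; return 1; }
    build_rules | sh -e
}

# Self-check: the generated ruleset must contain no NAT targets at all.
has_no_nat() {
    ! build_rules | grep -Eq 'MASQUERADE|SNAT|-t nat'
}

if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

Run it as `sh script.sh` to review the rules and `sh script.sh apply` as root to load them; `rp_filter` additionally lets the kernel drop packets whose source address could not be routed back out the interface they arrived on.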