From Marty Leisner on 22 Sep 1998
I read your column in the May LG. (I'm behind on my reading.)
I recently (last month) got a cable modem and hooked up a masquerading firewall...
On the firewall machine, I have the rule:
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
I got this off the IP-masquerade howto...
I'm not sure if it's the same as the rule:
ipfwadm -F -a accept -m -S 192.168.1.0/24 -D any
Mine is similar. All 253 of the 192.168.1.* through the 192.168.254.* class C address blocks are reserved for "private net" addressing (use behind proxying firewalls, masquerading/NAT (network address translation) routers, and on disconnected LANs).
I've heard conflicting reports about using 192.168.0.* and 192.168.255.* (the first and the last of this range). So I don't recommend it. If you needed a very large network of "private net" (RFC 1918 --- aka RFC 1597) addresses you could also use 172.16.*.* through 172.31.*.* --- that's sixteen adjacent class B networks, or you could use 10.*.*.* --- a full class A.
Also, your sendmail .mc:
FEATURE(always_add_domain)dnl
FEATURE(allmasquerade)dnl
FEATURE(always_add_domain)dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_AS($YOURHOST)dnl
adds always_add_domain twice...
That's just a typo.
Is $YOURHOST defined someplace? (I just went through the work of configuring sendmail a few weeks ago.)
I used $YOURHOST as a marker for my readers to fill in with their sendmail name. Mine is "starshine.org" --- yours is a subdomain off of "rr.com". I expected people to clue into that; though I probably should have explicitly pointed it out.
The Feynman problem solving Algorithm
--- Murray Gell-Mann in the NY Times
He forgot to show his work in step two!
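A pre-flight check for the masquerade source network discussed above, as an added example that is not part of the original column: it classifies a NET/LEN against the RFC 1918 blocks the reply lists, flags networks that touch 192.168.0.* or 192.168.255.*, and prints the two ipfwadm forwarding rules only for a clean private network. The function names (ip_to_int, classify_net, masq_rules) and the result labels are assumptions of this example.

```sh
# Added example, not from the column; all function names are hypothetical.

# Print dotted quad $1 as a 32-bit integer; exit 1 if malformed.
# The body is a subshell, so the IFS and noglob changes do not leak.
ip_to_int() (
    case $1 in *.) exit 1 ;; esac
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) exit 1 ;; esac
        [ "$o" -le 255 ] 2>/dev/null || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Print private, private-edge, not-private or invalid for NET/LEN.
classify_net() {
    net=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*|0?*) echo invalid; return 0 ;; esac
    [ "$len" -le 32 ] 2>/dev/null || { echo invalid; return 0; }
    n=$(ip_to_int "$net") || { echo invalid; return 0; }
    nmask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    first=$(( n & nmask )); last=$(( first | (4294967295 ^ nmask) ))
    for blk in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        b=$(ip_to_int "${blk%/*}"); bl=${blk#*/}
        bmask=$(( (4294967295 << (32 - bl)) & 4294967295 ))
        # The whole network must sit inside the reserved block.
        [ "$len" -ge "$bl" ] && [ $(( first & bmask )) -eq "$b" ] || continue
        # 192.168.0.* and 192.168.255.* are the blocks the reply avoids.
        if [ "$bl" -eq 16 ] && { [ $(( (first >> 8) & 255 )) -eq 0 ] ||
                                 [ $(( (last >> 8) & 255 )) -eq 255 ]; }; then
            echo private-edge
        else
            echo private
        fi
        return 0
    done
    echo not-private
}

# Emit the column's two forwarding rules only for a clean private source net.
masq_rules() {
    [ "$(classify_net "$1")" = private ] || return 1
    echo "ipfwadm -F -p deny"
    echo "ipfwadm -F -a m -S $1 -D 0.0.0.0/0"
}
```

Run `masq_rules 192.168.1.0/24` to print the rule pair; a non-zero exit status means the network was rejected and `classify_net` reports why.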