Linux Routing - TechRepublic
General discussion
October 11, 2001 at 05:13 AM
unicornlanding

Linux Routing

by unicornlanding . Updated 24 years, 8 months ago

I know there is a way to do it, but I may need some verification for the listeners out there for what is needed to be done. First some background…
I’m a new System Admin for a small company.
All machines are Win98 and a couple of Win2000 Server. We own a block of public IP addresses. Our ISP (nameless and wireless) uses the first 3 addresses for the cable modems and gateway, i.e. xxx.xxx.xxx.3 = cable modem on customer end, xxx.xxx.xxx.2 = cable modem on ISP end, xxx.xxx.xxx.1 = GW. When I got here a lot of hacking and virus stuff was very rampant throughout the network. I had to disconnect from the ISP for 5 days while cleaning up the mess of 50 computers infected and infecting each other. That done, the owner of the company wanted my suggestions on firewall products; of course I gave my best sales pitch for Linux and Ipchains. That done, I’m finding that the only way I can get the machines inside the firewall to connect outside of the firewall is to IP Masquerade them. Is this normal, that is, when using ipchains, is masquerading required? I can find no documentation anywhere to support it, but I can’t get connections to the internet through the firewall without it.
Specs: Linux 2.4.3 kernel, ipchains 1.3.10
netstat is as follows:
Dest            GW              Genmask         Flags   Iface
xxx.xxx.xxx.0   0.0.0.0         255.255.255.0   U       eth0
127.0.0.0       0.0.0.0         255.0.0.0       U       lo
0.0.0.0         xxx.xxx.xxx.1   0.0.0.0         UG      eth1
* Where xxx.xxx.xxx.??? is of the same subnet/block of ip’s that we own.

If more information is required, I’ll be more than happy to provide it, just ask. I really need to get rid of the masq’ing and utilize the routing functions of Linux.
Thanks
