From: Russell Packer <russell.packer@ar...> - 2004-09-21 16:37:04
> -----Original Message-----
> From: devil-linux-discuss-admin@...
> To: devil-linux-discuss@...
> Subject: Re: [Devil-Linux-discuss] Using NAT
> Dominic...take a deep breath.
> You are going to have to read a little.
> The line you have shown below tells me that you don't yet have a grasp
> Who is 12.131? Who is 12.167? Did you subnet 172.16.12 into enough
> subclasses so that .131 is on one network card and .167 is on another?
> When you use the POSTROUTING rule, you are dealing with packets that are
> being passed THROUGH the gateway. Does the gateway have .167? If so,
> what is the subnet of the OTHER network card on the gateway? The line
> you typed does not make much sense lest the OTHER network card is on the
> same subnet as .131...In other words:
> Eth0: 172.16.12.129 in subnet 172.16.12.128/28
> Eth1: 172.16.12.167 in subnet 172.16.12.160/28
> And you would need a host on Eth0 with IP address 12.131 to make your
> rule valid.
> I will help you...tell me what you want to do, and I will give you the
> rules. That will help you learn.
> But seriously, you are getting stuck on how to use a $5000 super duper
> gas grill, when you have just figured out what fire is. You are going
> to have to learn the basics of TCP/IP. Learning NAT and basic routing
> can only come AFTER you understand IP address schemes, subnetting and
> Don't be discouraged...None of us were born knowing this stuff.
Very true indeed. But one thing that certainly made my life easier was
Fwbuilder; a lovely graphical tool for building firewall rules. I
already had many years' experience of firewalls coming from a Checkpoint
Firewall-1 background, but the prospect of learning iptables didn't
really appeal to me. Fwbuilder works "out of the box" with Devil-Linux
in that the scripts it creates can be used without modification. It also
helps with those "stupid" mistakes as a degree of validation is
performed when the rules are compiled.
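As an added illustration of the subnet arithmetic behind the quoted advice (this is example code written for this page, not anything from the list or from Devil-Linux/Fwbuilder), the following Python carves 172.16.12.0/24 into /28s, maps a host to the gateway interface whose subnet contains it, and sanity-checks a POSTROUTING SNAT rule of the shape `-s SRC -o OUT -j SNAT --to-source ADDR` against the two-interface layout sketched in the quoted message. The interface names, the rule shape and the function names are assumptions of this example; the addresses are the ones in the quote.

```python
import ipaddress

# Constructed gateway layout, taken from the quoted message:
# eth0 has 172.16.12.129 on 172.16.12.128/28, eth1 has 172.16.12.167 on 172.16.12.160/28.
INTERFACES = {
    "eth0": ipaddress.ip_interface("172.16.12.129/28"),
    "eth1": ipaddress.ip_interface("172.16.12.167/28"),
}


def subnet_plan(parent, new_prefix):
    """Split `parent` (e.g. 172.16.12.0/24) into equal subnets of `new_prefix`
    bits and return (network, first usable host, last usable host) for each."""
    plan = []
    for net in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix):
        hosts = list(net.hosts())
        plan.append((str(net), str(hosts[0]), str(hosts[-1])))
    return plan


def interface_for(host, interfaces=INTERFACES):
    """Return the directly connected interface whose subnet contains `host`,
    or None if the gateway has no on-link route to that address."""
    addr = ipaddress.ip_address(host)
    for name, iface in interfaces.items():
        if addr in iface.network:
            return name
    return None


def check_snat_rule(source, out_if, to_source, interfaces=INTERFACES):
    """Check whether a POSTROUTING rule '-s source -o out_if -j SNAT --to-source to_source'
    can ever match forwarded traffic on this gateway. Returns (ok, reason)."""
    if out_if not in interfaces:
        return False, f"{out_if} is not an interface on this gateway"
    src_if = interface_for(source, interfaces)
    if src_if is None:
        return False, f"{source} is not on any directly connected subnet"
    if src_if == out_if:
        # POSTROUTING sees traffic leaving the box; a host that lives on the
        # outgoing interface's own subnet is never forwarded out through it.
        return False, f"{source} is on {out_if} itself, so it is never forwarded out of {out_if}"
    if ipaddress.ip_address(to_source) != interfaces[out_if].ip:
        return False, f"--to-source {to_source} is not the gateway's own address on {out_if}"
    return True, f"{source} enters on {src_if} and leaves {out_if} rewritten to {to_source}"


if __name__ == "__main__":
    for net, first, last in subnet_plan("172.16.12.0/24", 28):
        print(f"{net:20} hosts {first} - {last}")
    for rule in [("172.16.12.131", "eth1", "172.16.12.167"),   # host on eth0 leaving eth1: valid
                 ("172.16.12.167", "eth1", "172.16.12.167"),   # the gateway's own eth1 address
                 ("172.16.12.131", "eth0", "172.16.12.129"),   # source sits on the out interface
                 ("172.16.12.200", "eth1", "172.16.12.167")]:  # not on either /28
        ok, why = check_snat_rule(*rule)
        print("OK  " if ok else "BAD ", *rule, "-", why)
```

Running it prints the sixteen /28 blocks of the /24 and then flags which of the four constructed rules could match; only the first one, a .131 host on eth0 leaving via eth1 as .167, survives, which is exactly the arrangement the quoted message says the original rule needs.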