[H-GEN] IP Aliasing and traffic shapers

Anthony Towns aj at humbug.org.au
Thu Jul 3 04:52:24 EDT 1997



On Wed, 2 Jul 1997, David Jericho wrote:

> Also, has anyone with a home network and a masq connection happening
> played with name lookup masquerading? 

Ahuh.

navy is set to use 130.102.2.15 and 130.102.128.43 for when it goes to
meetings without azure, while azure is set up to answer any bind
queries that go to or via it.

named is running as normal.

(with some trimming:)

[root@azure ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.105.0   0.0.0.0         255.255.255.0   U     0      0       60 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0       74 lo
 
[root@azure ~]# ipfwadm -I -ln
IP firewall input rules, default policy: accept
type  prot source               destination          ports
acc/r udp  192.168.105.0/24     0.0.0.0/0            * -> 53 => 53

FWIW, any smtp connection is redirected to azure, http requests to
anywhere except azure are directed to the Squid transparent proxy on
azure, proxy requests to azure:8000 are also directed to the
transparent proxy, and http requests directly to azure are sent to the
apache webserver.

Lots of fun.

Now all I need is a transparent ftp proxy. Anyone know how to work
out the intended IP address of a firewall-redirected packet?

> To expand a bit more, I had the transparent proxy rules for
> 192.168.105.0/24 and 192.168.105.107/24 to 0.0.0.0/0 on ports 42/udp,
> 53/tcp and 53/udp redirected to the localhost. I had a caching name server
> on the localhost forwarding to krefti and cuscus.

(42/udp or 42/tcp? /etc/services only lists the tcp service)

That should be fine, I would've thought. The server was resolving
names locally properly? (it wasn't being redirected to itself, for
example) Byron's computer was actually going through meesha, and not a
different machine?

It would probably be a good idea to set up a local domain on meesha,
and see if whichever simpson Byron was using could query that domain
without adding meesha to his resolv.conf or named.boot.

Cheers,
aj

- --
Anthony Towns <aj at humbug.org.au> <http://student.uq.edu.au/~s343676/>
I don't speak for anyone save myself. PGP encrypted mail preferred.

``Like the ski resort of girls looking for husbands and husbands looking
  for girls, the situation is not as symmetrical as it might seem.''


----------------------- HUMBUG General List --------------------------------
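
Added example, not part of the original post: the message above asks how a proxy can work out the intended IP address of a firewall-redirected connection. This C code assumes a Linux host; it asks netfilter for the pre-redirect destination with SO_ORIGINAL_DST and falls back to getsockname(), which is assumed here to be where ipfwadm-era transparent proxying left that address. The names intended_dst and loopback_selfcheck are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* same value as <linux/netfilter_ipv4.h> */
#endif

/* Fill *dst with the address the client was trying to reach.
 * Returns 1 if netfilter's connection tracking supplied it, 0 if it
 * came from getsockname() (assumed ipfwadm-era behaviour), -1 on error. */
int intended_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return 1;
    len = sizeof(*dst);
    return getsockname(fd, (struct sockaddr *)dst, &len) == 0 ? 0 : -1;
}

/* Constructed check: with no redirect rule in the path, the intended
 * destination of a loopback connection is the listener itself. */
int loopback_selfcheck(void)
{
    struct sockaddr_in srv, got;
    socklen_t len = sizeof(srv);
    int a = -1, ok = 0;
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    int c = socket(AF_INET, SOCK_STREAM, 0);
    memset(&srv, 0, sizeof(srv));
    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks */
    if (ls >= 0 && c >= 0 &&
        bind(ls, (struct sockaddr *)&srv, sizeof(srv)) == 0 &&
        listen(ls, 1) == 0 &&
        getsockname(ls, (struct sockaddr *)&srv, &len) == 0 &&
        connect(c, (struct sockaddr *)&srv, sizeof(srv)) == 0 &&
        (a = accept(ls, NULL, NULL)) >= 0 && intended_dst(a, &got) >= 0)
        ok = got.sin_addr.s_addr == srv.sin_addr.s_addr &&
             got.sin_port == srv.sin_port;
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    if (ls >= 0) close(ls);
    return ok;
}

int main(void) { return loopback_selfcheck() ? 0 : 1; }
```

A proxy would call intended_dst() on each socket returned by accept() and open its onward connection to the address it reports.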