Koozali.org: home of the SME Server

1 to 1 NAT Howto for SME Server 5.6 and Up

loveless

1 to 1 NAT Howto for SME Server 5.6 and Up
« on: February 02, 2004, 10:07:48 PM »
[Posted for Mark Drone]

We're looking for some testers.

http://www.tech-geeks.org/contrib/mdrone/1-to-1/

Background: When SME/E-smith 5.0-->5.5 were using the ipchains system, Abe wrote a magnificent 1-to-1 NAT hack that allowed external IP traffic to target internal IP addresses. When iptables was introduced with v5.6, it put Abe's most excellent hack on the shelf.

Now for the good news! Chris Watkins resurrected the project and did the groundwork for porting Abe's scripts to work with iptables. In the process, we also decided to template the system in order to make the system generate the changes within the /etc/rc.d/init.d/masq script, instead of issuing the commands afterward in the /etc/rc7.d sequence. We have tested it successfully in a small sandbox lab and were pleased with the results. Big kudos to Abe and Chris for their great work.

Take a look at the "readme.txt" file for installation instructions. A more formal "how-to" will be posted on http://www.tech-geeks.org after some field testing. Make sure the shell scripts are chmod 700 and the makefrag.pl script is chmod 755. Run everything as root.

CAVEAT LECTOR:
A) This will only work with SME/E-smith v5.6/6.0. If you try it with a version < 5.6, it may cause problems.
B) Applying 1-to-1 NAT to your system will allow ALL TRAFFIC on the assigned external IP address to be directed to the assigned internal IP address. Be sure that appropriate measures have been taken to secure the internal machine that hosts the internal IP address.

Comments and suggestions?
-MD
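To make caveat B concrete, here is an added example (not part of Mark Drone's post or the mdrone/Abe/Chris scripts) that prints the iptables rules a single 1-to-1 mapping needs, so they can be reviewed before being placed in a masq template fragment. The WAN/LAN interface names eth1/eth0 and the port-restricted variant are assumptions of this example, not something the original scripts do.

```shell
#!/bin/sh
# Added example: emit (do not apply) the iptables rules for one 1-to-1 NAT
# mapping. Interface names are assumptions for this example.
WAN_IF=eth1
LAN_IF=eth0

# is_ipv4 ADDR -> succeeds only if ADDR is a dotted quad with octets <= 255
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# one_to_one_nat EXT_IP INT_IP [TCP_PORTS]
#   Without TCP_PORTS, ALL traffic to EXT_IP reaches INT_IP (caveat B).
#   With TCP_PORTS (e.g. 80,443), only new inbound connections to those
#   ports are forwarded; outbound SNAT and reply traffic are unchanged.
one_to_one_nat() {
    ext="$1"; int="$2"; ports="$3"
    is_ipv4 "$ext" && is_ipv4 "$int" || { echo "bad IP address" >&2; return 1; }
    # Inbound: rewrite the destination before routing
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $ext -j DNAT --to-destination $int"
    # Outbound: the internal host appears on the WAN as EXT_IP, not the gateway
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $int -j SNAT --to-source $ext"
    # FORWARD sees the post-DNAT destination, so match on INT_IP here
    echo "iptables -A FORWARD -d $int -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -s $int -o $WAN_IF -j ACCEPT"
    if [ -z "$ports" ]; then
        # Caveat B: every new inbound connection to EXT_IP reaches INT_IP
        echo "iptables -A FORWARD -i $WAN_IF -d $int -m state --state NEW -j ACCEPT"
    else
        # Narrowed variant: only the listed TCP ports accept new connections
        echo "iptables -A FORWARD -i $WAN_IF -d $int -p tcp -m multiport --dports $ports -m state --state NEW -j ACCEPT"
    fi
}
```

Run `one_to_one_nat 203.0.113.10 192.168.1.50` to see the unrestricted rule set, and add a port list as a third argument to see the narrowed FORWARD rule.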