Re: Help needed on ip forwarding

From: Bernhard Kastner (bkastner_at_aon.at)
Date: 09/29/04 

Date: Wed, 29 Sep 2004 16:24:05 +0200

Daniel schrieb:
> Here's my current network.
>
> [ADSL modem] -- [ router ] -- [ private LAN ] -- [ my computer ]
>
> My modem gets an external IP from the ISP.
>
> My computer uses an internal IP (192.168.0.*) assigned by the router.
>
>
> What I'd like is to set up a virtual interface and ip
> forwarding/masquerading to 'trick' my
> computer into thinking that it's using the external IP address instead.
>
> This is because certain peer to peer clients work better if they 'think'
> they have
> an external IP address to give to other client on their networks. My
> computer is set as
> the DMZ on the router, so any inbound connection will pass through to my
> computer.
>
> The issue is now how to trick all the applications into thinking they're
> using the
> external IP address on the virtual interface (I have two physical
> interfaces on my
> computer if it makes a difference).
>
> I managed to set the external IP on the virtual interface, but got stuck
> setting up
> the routing tables.
>
> Any help in getting this setup to work would be greatly appreciated.
>
> Thanks in advance,
> Daniel

what kind of router is your router? is it a little box that gave you
your isp or is it a configurable computer?
there are two possibilities: If it is a computer, just set
/proc/sys/net/ipv4/ip_forward to 1 if you really want everything to be
forwarded, which is not recommended for some security reasons.
The second possibility is, you have a little Router, that is no
"computer" and is configurable. In that case, you just have to forward
PORTS, not IPs. that's a big difference. If you want to run eMule, you
have to forward the specific port (both UDP and TCP) to your computer
and nothing more.

But be careful with forwarding ports: some ports are used by malicious
software that wants to enter your network and if your ISP doesn't allow
a server or even a network to be set up by you, you can be detected by
the ISP, when you're running services on a specific port, that is
forwarded. (So never ever forward Port 80 if you're not allowed to runa
a webserver)

Relevant Pages

  • Re: 2 pc network - cant see host files from pc 2 on pc 1
    ... Assuming that you have firewall protection via your internet router try ... workgroup because it will be needed for the network to work correctly. ... see if you can access TCP ports 139 and 445 on computer one of which at ... permissions. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Setting up local network with router.
    ... I have the exact same router, but that's likely not the problem. ... In network properties, select ... and PPPoE in the eastern part. ... connect to your ISP." ...
    (microsoft.public.win2000.general)
  • Re: preventing username enumeration on NT4
    ... I am the only IT guy for a small network that was ... it appears as though the attacker did nothing more ... Sounds like the server only has one nic and you have a router sitting ... By all means filter ports at the router - starting with the Netbios ...
    (comp.security.misc)
  • Re: preventing username enumeration on NT4
    ... I am the only IT guy for a small network that was ... it appears as though the attacker did nothing more ... Sounds like the server only has one nic and you have a router sitting ... By all means filter ports at the router - starting with the Netbios ...
    (comp.security.misc)
  • Re: preventing username enumeration on NT4
    ... I am the only IT guy for a small network that was ... it appears as though the attacker did nothing more ... Sounds like the server only has one nic and you have a router sitting ... By all means filter ports at the router - starting with the Netbios ...
    (comp.os.ms-windows.nt.admin.security)