Internet <--------|Linux Firewall (LF)|------> Internal
Users on the Internet have to be able to initiate a
connection to the LF to get a service.
(Note: the users must give the IP of the LF as the
host they want to connect to)
The connection must be forwarded from the LF to a
machine on the internal network, (The real server)
The real server must know the real IP of the connecting
user. (The service in question is an SNA gateway)
On there way out, the packets must again have there
source address changed so they appear coming from the LF.
'ipfwadm' only supports redirecting to ports on the local
'tproxy' changes the source address.
'redir' changes the source address.
'plug_gw' changes the source address.
In short: I haven't found a way to do this !
[This space desperately left blank]
Rikhardur Egilsson - Domain Administrator - Tel : +354-5695100
Armuli 2 - IS-108 Reykjavik - Iceland - Fax : +354-5695251
email@example.com - Skyrr Ltd - Iceland Information Management