Posted on 1997-11-04
I have set up a LINUX box as a firewall with IP-masquerading. I think I got it all set up correctly after a multitude of trials, but I still have a question. I have a PPP connection to the ISP and an ethernet internal network.
The masquerading HOWTO lists specific commands for setting up the masquerading:
ipfwadm -F -p deny
ipfwadm -F -a m -S XXX.XXX.XXX.0/24 -D 0.0.0.0/0
with an optional -V YYY.YYY.YYY.YYY or -W ifname as options.
When I test it without the options, everything works fine and I can access the internet and newsgroups from any PC on the internal net.
When I specify the -V option with the internal IP address of the LINUX box, I cannot get out. The same applies, when I use the -W option with eth0 as the ifname. If I specify -W ppp0, then everything is fine again.
Is there a security hole, or is this OK?
Again, the ppp0 is the external connection of the firewall, the eth0 is the internal connection.