[rescue] Putting an insecure machine on a network
    Mike F 
    lists at ibrew.net
       
    Tue Mar 21 20:11:08 CST 2006
    
    
  
On Mar 21, 2006, at 8:36 PM, Sheldon T. Hall wrote:
> Mike F said ...
>>
>> That should do what you want to do. Let me know how it goes
>> (or if it doesn't :)
>
> After an appaling amount of fooling around, I've got this:
>
> Insecure laptop on 10.10.10.2, connected to
> Sun's hme0 on 10.10.10.1, in the same box as
> Sun's le0 on 192.168.0.20, which is on a LAN with
> Gateway to 'net on 192.168.0.1.
>
> [Now hear de word o de lawd!]
>
> The laptop can ping 10.10.10.1 and 192.168.0.20 ("far side" of Sun  
> box), but
> not anything else on 192.168.0.0/24.  Laptop cannot ping  
> 192.168.0.1.  No
> ipfilter rules are in place, the ipf.conf file is all comments.
>
> I'm obviously missing something, but what?
>
> -Shel
Ah... I knew I should've mentioned ipnat since you're NAT'ing the  
10.10.10.0/24 network .
So, you need ipnat.conf set up something like:
map le0 10.10.10.0/24 -> 192.168.0.20 portmap tcp/udp 30000:60000
map le0 10.10.10.0/24 -> 192.168.0.20
Then start ipnat with `ipnat -f /etc/opt/ipf/ipnat.conf` or through  
the init script
Hopefully this is the final piece in the puzzle...
- Mike
    
    
More information about the rescue
mailing list