
Re: IP forwarding



Sorry, that was badly phrased.

<BOX_1>--<BOX_2>--<BOX_3>

To enable contact between BOX_1 and BOX_3 there are two solutions.
(Having different IPs and not thinking about bridging)

1> Set up routing so that BOX_1 knows that BOX_3 is on the other side
of BOX_2. Tell BOX_3 that BOX_1 is on the other side of BOX_2.

2> Set up routing so that BOX_1 knows that BOX_3 is on the other side
of BOX_2. Use NAT to lie for BOX_3 that all traffic is coming from
BOX_2. BOX_3 will find BOX_2 as they are on the same network and no
modification is needed to BOX_3.

If you have control over all three machines I would prefer routing
(Option 1).

Sometimes one wants NAT because:

1) No control over BOX_3.

2) BOX_1 uses an IP address that is not valid for BOX_3 (for example
192.168.0.0/16, 10.0.0.0/8). This is often the case with Internet
connections.

3) One wishes to have added security by hiding addresses and filtering.

This is pretty much what I shortened to "not valid enough". =)

On Mon, Nov 20, 2000 at 06:04:31AM +0000, Richard Oyh wrote:
[..]
> 
> As for ipnat, I was given the impression that based on my network
> setup, I do not need NAT. It is because, I am trying to filter
> traffic to and fro between two different internal networks. However,
> I would like to know what you meant by address not valid "enough"
> to find their way back. I thought that as long as IP forwarding is
> enabled in the firewall, there should be no problem passing traffic
> from one network to another through the firewall.  Forgive me on
> this but my technical grasp of networking is not so strong.
> 
[..]
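
An added illustration, not part of the original message: a small Python model of the BOX_1--BOX_2--BOX_3 layout that follows a request and its reply, showing why forwarding on BOX_2 alone is not enough and how either a return route on BOX_3 (option 1) or NAT on BOX_2 (option 2) lets the reply find its way back. All addresses and function names are constructed for the example.

```python
import ipaddress

# Constructed addressing (an assumption, not from the thread): BOX_1 sits on
# net A, BOX_3 on net B, and BOX_2 has one interface on each with IP
# forwarding enabled.
NET_A = ipaddress.ip_network("192.168.1.0/24")
NET_B = ipaddress.ip_network("10.0.0.0/24")
BOX_1, BOX_2_A = "192.168.1.10", "192.168.1.1"
BOX_2_B, BOX_3 = "10.0.0.1", "10.0.0.30"


def next_hop(routes, dst):
    """Longest-prefix match over {network: gateway, or None if on-link}."""
    hits = [net for net in routes if ipaddress.ip_address(dst) in net]
    if not hits:
        return "unreachable"
    best = max(hits, key=lambda net: net.prefixlen)
    return routes[best] or dst  # on-link: deliver straight to the destination


def round_trip(box3_has_route, nat_on_box2):
    """Follow a request BOX_1 -> BOX_3 and report what happens to the reply."""
    box1 = {NET_A: None, NET_B: BOX_2_A}   # BOX_1 reaches net B via BOX_2
    box3 = {NET_B: None}                   # BOX_3 only knows its own network
    if box3_has_route:
        box3[NET_A] = BOX_2_B              # option 1: return route on BOX_3

    # Request: BOX_1 hands the packet to BOX_2, which forwards it to BOX_3.
    if next_hop(box1, BOX_3) != BOX_2_A:
        return "request lost"
    # Option 2: BOX_2 rewrites the source, so BOX_3 sees BOX_2's address.
    src_seen_by_box3 = BOX_2_B if nat_on_box2 else BOX_1

    # Reply: BOX_3 answers to whatever source address it saw.
    hop = next_hop(box3, src_seen_by_box3)
    if hop == "unreachable":
        return "reply dropped at BOX_3 (no route back)"
    if hop != BOX_2_B:
        return "reply lost"
    # BOX_2 forwards the reply (undoing the translation first when NAT is on).
    return "reply delivered to BOX_1"


if __name__ == "__main__":
    for route, nat in [(False, False), (True, False), (False, True)]:
        print(f"route_on_BOX_3={route} nat_on_BOX_2={nat}: {round_trip(route, nat)}")
```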