[clug-talk] IPCop question

Pete pvdw at criticalcontrol.com
Wed Nov 24 08:24:19 PST 2004


Hey List :

Got an IPCop question, I want to create a cold standby pc in case our 
Nokia/Checkpoint device goes down.
The problem I have is that with Checkpoint one is able to do one-to-one 
NATting.
(x.x.x.179 --> 10.1.0.9)
(x.x.x.180 --> 10.1.0.10)
This can't be done with IPCop AFAIK.

But what can be done is aliasing multiple ip's on the red interface (all 
static IPs x.x.x.176/29) and
then in the port forwarding menu Do something like
Source x.x.x.179 Source Port *
Dest 10.1.0.9 Dest Port *
or
Source x.x.x.180 Source Port 21 (ftp)
Dest 10.1.0.10 Dest Port 21

The part that scares me a bit is this (from IPCop's manual)
On the other hand, if you are providing a server on one of internal 
computers you may need to use multiple aliases on your RED interface.
To use this facility effectively, you may have to adjust IPCop's routing 
tables by hand.

Anybody where and how to do this 'by hand' and what to look for (rule 
order?) ?

Thanks

Pete



More information about the clug-talk mailing list