NAT for SCO Openserver 5.0.4 and 5.0.5
Tony Lawrence
tls709 at ftp://ftp.sco.com/TLS
This is ipfilter for SCO. Ip Filter is a firewall/NAT
translator, which means that a SCO box can finally serve as
a gateway for a private network. All you have to do is
install this on a SCO machine that has access to the
internet, turn on NAT, and tell your other machines that the
SCO box is their default gateway (you'd also need to give
them a DNS server address, but that can be the same DNS your
sco box is using). At that very moment, your entire network
can browse the internet through your SCO machine, no
proxies, just direct.
The configuration of NAT is dead simple: here's the entire
script that I use:
ipnat -f - <<EOF
map net1 10.1.36.0/24 -> 0/32
EOF
My internal network is 10.1.36.0
Ipfilters also offers firewall protection; I'll be writing
about that in a few weeks.
This is GREAT news.
--
Tony Lawrence (to...@aplawrence.com)
SCO articles, help, book reviews, tests,
job listings and more : http://www.ApLawrence.com
Jean-Pierre Radley
|
| The configuration of NAT is dead simple: here's the entire
| script that I use:
|
| ipnat -f - <<EOF
| map net1 10.1.36.0/24 -> 0/32
| EOF
|
| My internal network is 10.1.36.0
|
I "own" a real Class C network from the old days, so most of my
machines are on 198.207.210.x, but I also set up a Windows box on the
non-routable 192.168.210.x network.
So in my case, I have /etc/rc2.d/S92ipfilter, containing:
#!/bin/sh
/usr/local/etc/ipnat -vf /usr/local/etc/ipnatrules
/etc/ifconfig net0 alias 192.168.210.3
/usr/local/etc/ipnatrules is much like Tony's:
map du0 192.168.210.0/24 -> 0/32
The ifconfig command aliases the ethernet card in my main machine, which
is at 198.207.210.3, to also be seen as 192.168.210.3, so that the
Windoze machine at 192.168.210.210 has someone to talk to.
--
JP
- bill -
>
> Boyd Gerber just pointed out to me that SCO has posted
> tls709 at ftp://ftp.sco.com/TLS
>
> This is ipfilter for SCO. Ip Filter is a firewall/NAT
> translator, which means that a SCO box can finally serve as
> a gateway for a private network. All you have to do is
> install this on a SCO machine that has access to the
> internet, turn on NAT, and tell your other machines that the
> SCO box is their default gateway (you'd also need to give
> them a DNS server address, but that can be the same DNS your
> sco box is using). At that very moment, your entire network
> can browse the internet through your SCO machine, no
> proxies, just direct.
>
> script that I use:
>
> ipnat -f - <<EOF
> map net1 10.1.36.0/24 -> 0/32
> EOF
>
> My internal network is 10.1.36.0
>
> about that in a few weeks.
>
> This is GREAT news.
>
> --
> Tony Lawrence (to...@aplawrence.com)
> SCO articles, help, book reviews, tests,
> job listings and more : http://www.ApLawrence.com
--
-bill-
Technical Service Systems - bi...@TechServSys.com
Daniel Frazier
firewall/NAT solution for a while now. It is indeed an excellent
example of what the open source community can produce. If anyone has
any questions or needs any pointers, feel free to drop me a line.
Daniel Frazier
Tony Lawrence wrote:
>
> Boyd Gerber just pointed out to me that SCO has posted
> tls709 at ftp://ftp.sco.com/TLS
>
> This is ipfilter for SCO. Ip Filter is a firewall/NAT
> translator, which means that a SCO box can finally serve as
> a gateway for a private network. All you have to do is
> install this on a SCO machine that has access to the
> internet, turn on NAT, and tell your other machines that the
> SCO box is their default gateway (you'd also need to give
> them a DNS server address, but that can be the same DNS your
> sco box is using). At that very moment, your entire network
> can browse the internet through your SCO machine, no
> proxies, just direct.
>
> The configuration of NAT is dead simple: here's the entire
> script that I use:
>
> ipnat -f - <<EOF
> map net1 10.1.36.0/24 -> 0/32
> EOF
>
> My internal network is 10.1.36.0
>
> Ipfilters also offers firewall protection; I'll be writing
> about that in a few weeks.
>
Tony Lawrence
>
> Wow, that's pretty cool. I've been using IP Filter on FreeBSD as a
> firewall/NAT solution for a while now. It is indeed an excellent
> example of what the open source community can produce. If anyone has
> any questions or needs any pointers, feel free to drop me a line.
Ayup, one question: where can you find the mkilter.pl
script referenced in the man pages?
Jean-Pierre Radley
| Daniel Frazier wrote:
| >
| > Wow, that's pretty cool. I've been using IP Filter on FreeBSD as a
| > firewall/NAT solution for a while now. It is indeed an excellent
| > example of what the open source community can produce. If anyone has
| > any questions or needs any pointers, feel free to drop me a line.
|
|
| Ayup, one question: where can you find the mkilter.pl
| script referenced in the man pages?
You can go to the source in OZ, but as it's not too long, I'm attaching
it herewith.
--
JP
Evan Hunt
Don't blame me, I voted for Tony Lawrence <to...@aplawrence.com>.
You beat me to it, Tony; I was just coming in here to make this same
announcement. Steal my thunder, willya.
But as long as I'm here, I have another one: I'm finally ready with
a DHCP client for 5.0.x, and it'll be online at the same location in
time for Christmas. Makes a great gift. :)
I can also provide it by email for those who wish to be early adopters.
I haven't had much opportunity to test it with different servers, so
a beta site or two wouldn't be a bad thing at all...
--
Evan Hunt - evanh at sco dot com
"doo.hick.ey \'du:-.hik-e-\ n [prob. fr. doodad + hickey]: see DOODAD"
- webster
Tony Lawrence
>
> Don't blame me, I voted for Tony Lawrence <to...@aplawrence.com>.
> >Boyd Gerber just pointed out to me that SCO has posted
> >tls709 at ftp://ftp.sco.com/TLS
>
> You beat me to it, Tony; I was just coming in here to make this same
> announcement. Steal my thunder, willya.
It wasn't my fault, Boyd made me do it!
>
> But as long as I'm here, I have another one: I'm finally ready with
> a DHCP client for 5.0.x, and it'll be online at the same location in
> time for Christmas. Makes a great gift. :)
Better believe it. DSL is FINALLY coming to my town, maybe
this month or next, but the only provider offering it is
Bell Atlantic and they are NOT offering static IP's. So
this is wonderful. More than wonderful, it's WUNNERFUL!
Bill Vermillion
Tony Lawrence <to...@aplawrence.com> wrote:
>Better believe it. DSL is FINALLY coming to my town, maybe
>this month or next, but the only provider offering it is
>Bell Atlantic and they are NOT offering static IP's. So
>this is wonderful. More than wonderful, it's WUNNERFUL!
I was in Bell Alantic's site (physically) in Washington last week
and they are offering 7.1Mbit second in some areas. That's about 4
times higher than I'd seen before.
However - keep your eyes out for resellers, Covad, Rhthyms, and
Telocity come to mind. They are remarketing the xDSL service of
several companies, and are trying to be national providers by
having agreement with the myriad local telcos.
--
Bill Vermillion bv @ wjv.com