Topic: IP Forwarding

[Ashley]

I have installed e-smith as mostly just a router at this point. What I need to have happen is for e-smith not to forward my internal IP to the Internet. I need to have all Internet access look like it's coming from my e-smith external IP. Please help.

Thanks

Ashley

[Klaus Eckert]

what you mean is Network Adress Translation (NAT).
it is standard in SME server.

the server translates your internal adress to the external adress and re-translates the answers for your machine.
all IP-packets from your machine are recoded, sent to the internet.
and the answer-packet are recoded again and then sent to your loacal machine.
nobody knows that your IP is 192.168.xxx.xxx, they always see (for example) 212.145.55.165.

is that what know mean?

cheers klaus

[Andrew Gray]

Simple, use network address translation.  This is easily configured during the setup phase of the e-smith box.  this causes all internal traffic to have it's packets which are heading out to the internet to have thier IP headers modified so that it looks like it is coming from the external interface of your e-smith box.  the packets aren't forwarded, they are translated.

make sense?

- Andy

[Ashley]

Yes, what's happening is that they can see my internal IP and because I use an ISP for my filtering I have students not filtered. What I need to know is how I actually make the IP forwarding stop in SME 5.6. I have researched this for two days and can't figure it out.


Thanks for your help

Ashley

[Klaus Eckert]

how did you see that the ip-adresses are "forwarded" and not translated?

if you checked it with tcpdump, remember the following:
tcpdump translates back the translated internal ip-adresses.
example:
- your internal adresses are 192.168.25.100 - 150, your server ip is 66.111.147.52.
- the NAT changes 192.168.25.110 to 66.111.147.52
- tcpdump checks your settings and changes 66.111.147.52 back to 192.168.25.100, so you can recognize ist better.

that is not a bug or a fault, it's just a "support" for the human species.

cheers klaus

[Andrew Gray]

Yep, your e-smith box is definately translating by default, not acting as a router.  I doubt you own more than 1 real internet IP address, but instead are using free private IP addresses...multiple IP addresses are expensive and rare these days.  

Since the packets are not being forwarded, but instead translated (and then the contents sent with the translated packet headers).  So it is already doing what you wanted it to do.  

If I'm not answering your question here, then give me more info as I must be off the track.

- Andy Gray