At 09:27 08/09/99 +0200, Thijs Cobben wrote:
>Q: "How can I configure ipfw tables (e.g. using ipfwadm) such that I have a
>physically different machine (internal 192.168.x.x IP-address) as database
>server? Such that all requests entering the firewall IP-address
>(external=ISP-provided) on port 3306 will be forwarded to the internal
>machine? How do i configure 'IP-aliases' such that dbmaster.mydomain.mytld
>refers via DNS to the firewall-IP but is redirected to the internal machine?
>What are the security implications?
>Please (provide pointer to) help?
You can't. Use a transparent proxy such as portfw or delegate.
I suspect that connections may appear to come from the firewall itself -
something to think about if you're doing any host-based authentication.
(I believe it *may* be possible with IP-chains but using a proxy it
probably simpler than upgrading your kernel).