internet forwarding...

[ancalagon]

manolis wrote:
> Simeiwnw oti to exw kataferei me to shorewall pou exw mathei na xeirizomai ta 
> config files tou....
> alla pistebw oti dio treis entoles iptables tha arkousan anti gi'auto....
> 
> Στις Κυρ 11 Ιαν 2004 10:41, ο/η manolis έγραψε:
> 
>>Geia sas paidia,,,
>>
>>Exw mia erwtisi gia iptables....
>>
>>To pc mou einai mandrake linux rithmismeno se static ip 192.168.1.200
>>(eth0) exei internet gateway ena windowsxp pc sto 192.168.1.1.
>>Sto linux pc exw local DNS caching server...
>>Mexri edw ola douleboun kala....
>>Sto linux pc mesw virtual network card (usbnet) einai sindemeno ena ipaq (
>>familiar linux 0.7.2 kernel 2.4.19
>>To ipaq to sikwnw me static ip 192.168.0.202 (usb0 sto ifconfig)
>>h epikinwnia metaksi to linuxpc kai tou ipaq einai mia xara... to ipaq
>>sindeetai gia paradeigma kanonika se local (sto linuxpc) ftp server. Mporei
>>akomi na kanei name resolve gia ekswterika IPs eksaitias tou local DNS
>>server pou exw sto linuxpc... p.x kanontas ping sto www.yahoo.com briskei
>>to ip tou site se noumero kanonika...
>>edw arxizei to problima....
>>den iparxei traffic... diladi den mporei na xrisimopoihsei san internet
>>gateway to 192.168.1.1 oute na to dei out na tou kanei ping...
>>
>>profanws prepei na rithmisw kati me iptables (kata protimisi) wste to
>>traffic apo to ipaq na ginetai forward sto gateway 192.168.1.1
>>Den kserw pws na to kanw auto....
>>Exw diabasei arketa how tos genika gia iptables alla den mporesa na bgalw
>>akrh.....
>>Please help... den nomizw na einai poli diskolh h apanthsh....
>>fantazomai oti einai kati aplo....
>>
>>
>>filika manolis
> 
> 
> 
Yparxoun diaforoi tropoi na kaneis auto pou thes. Tha sou perigrapso 
grigora auton pou xrisimopoio ego sto home network. Einai to 
MASQUERADING. Episis isos na boreis na kaneis bridge tin usb me tin 
ethernet alla den 3ero an kati tetoio tha douleuei kai pos tha to 
kaneis. Ean kapoios 3erei as kanei ena reply na mathoume.

Loipon profanos tha settareis to ipaq na exei os gateway to linux pc.
apo ekei kai pera thes ena noumero apo modules ston kernel sou (boreis 
na ta baleis statically ston pirina alla ta protino os modules).

Networking options-> [*] Network packet filtering (replaces ipchains)
Networking options-> IP: Netfilter Configuration  ---> Kane ta panta 
build os modules

Os epi to pleiston arkei i entoli

modprobe ipt_MASQUERADE

oste na loadaroun ta aparaitita modules.

apo ekei kai pera me to e3is set entolon exeis ena working maquerading:

iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED 
-j ACCEPT
iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

To Masquerading pou sou periegrapsa den einai se kamia periptosi secure.
Episis sou proteino prin na tre3eis autes tis entoles na kaneis ena 
flush ta iptables etsi:

# Flush all tables
iptables -F
iptables -t nat -F
iptables -t mangle -F

Gia peraitero plirofories sou proteino na diabaseis to 
IP-Masquerading-Howto. Einai idiaiteros katatopistiko