how-to for multihoming

Paul Stanhope fredn1 at
Fri Nov 7 20:08:03 UTC 2003

Am Donnerstag, 7. November 2002 17:55 schrieb Ryan Brown:
> I'm looking to take the dip into using my Linux box as a NAT and
> multihoming 2 connections into it..  Has anyone out there experience in
> this? Perhaps a pointer to a how-to or 2?  Ultimatly, I'd like to use
> Fedora for this as well as my other server applications..

take a look at

fwbuilder is a GUI for iptables etc., it generates a firewall scripts for
various firewalls.

I start mine in:
- rc.local, 
- ifup-post near the end, so that if the connection gets restarted,
  my anti-spoofing rules get updated to the new IP-Adress.

You can get your current IP-Adress into $IP_PPP0 as below and use it
instead of the hard-coded IP-Adress fwbuilder generates. Just edit the 
generated script appropriately.

I start iptables originally with the simple "default deny"s for INPUT, FORWARD
and OUTPUT chains, saved to /etc/sysconfig/iptables so it gets started at boot
time before the dynamic IP-Adress is known.

	# This script will be executed *after* all the other init scripts.
	# You can put your own initialization stuff in here if you don't
	# want to do the full Sys V style init stuff.

	touch /var/lock/subsys/local
	# start NAT firewall:
	echo "starting firewall from rc.local ..."
	IP_PPP0=`/sbin/ifconfig ppp0 2>/dev/null | grep inet | cut -d : -f 2  \
			| cut -d 	\  -f 1`

	if test "$IP_PPP0" = ""; then 
	    echo "no route to timeserver."
	    echo "synchronize system time ..."
	    /usr/sbin/ntpdate -v
	echo "rc.local completed."


	# ...
	# redo Firewall script
	if [ "${DEVICE}" = "ppp0" ]; then
	    logger $"Fred - restarting firewall with new IP ..."
	    logger $"Fred - firewall restarted."

	# Notify programs that have requested notification

	if [ -x /sbin/ifup-local ]; then
	    /sbin/ifup-local ${DEVICE}

	exit 0

> Regards,
> Ryan
> --
> fedora-list mailing list
> fedora-list at

Paul Stanhope
Hartshausen 2
84079 Bruckberg

Tel.:  +49 8765 237
Email: fredn1 at

More information about the fedora-list mailing list