how-to for multihoming
Paul Stanhope
fredn1 at gmx.de
Fri Nov 7 20:08:03 UTC 2003
On Thursday, 7 November 2002 17:55, Ryan Brown wrote:
> I'm looking to take the dip into using my Linux box as a NAT and
> multihoming 2 connections into it.. Has anyone out there experience in
> this? Perhaps a pointer to a how-to or 2? Ultimately, I'd like to use
> Fedora for this as well as my other server applications..
Take a look at http://www.fwbuilder.org/
fwbuilder is a GUI for iptables etc.; it generates firewall scripts for
various firewalls.
I start mine in:
- rc.local,
- ifup-post near the end, so that if the connection gets restarted,
  my anti-spoofing rules get updated to the new IP address.
You can get your current IP address into $IP_PPP0 as below and use it
instead of the hard-coded IP address fwbuilder generates. Just edit the
generated script appropriately.
I start iptables originally with the simple "default deny"s for INPUT, FORWARD
and OUTPUT chains, saved to /etc/sysconfig/iptables so it gets started at boot
time before the dynamic IP address is known.
/etc/rc.d/rc.local:
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
# start NAT firewall:
echo "starting firewall from rc.local ..."
/etc/rc.d/lxFirewall_nat.fw
# current IPv4 address of ppp0 (empty if the link is down)
IP_PPP0=`/sbin/ifconfig ppp0 2>/dev/null | grep inet | cut -d : -f 2 \
    | cut -d ' ' -f 1`
if test "$IP_PPP0" = ""; then
    echo "no route to timeserver."
else
    echo "synchronize system time ..."
    /usr/sbin/ntpdate -v ntp2.fau.de
fi
echo "rc.local completed."
/etc/sysconfig/network-scripts/ifup-post:
# ...
# redo Firewall script
if [ "${DEVICE}" = "ppp0" ]; then
    logger $"Fred - restarting firewall with new IP ..."
    /etc/rc.d/lxFirewall_nat.fw
    logger $"Fred - firewall restarted."
fi
# Notify programs that have requested notification
do_netreport
if [ -x /sbin/ifup-local ]; then
    /sbin/ifup-local ${DEVICE}
fi
exit 0
>
> Regards,
>
> Ryan
--
_______________________________
Paul Stanhope
Hartshausen 2
84079 Bruckberg
Tel.: +49 8765 237
Email: fredn1 at gmx.de
_______________________________
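
The address handling described in the message above, as an added example that is not part of the original post or of fwbuilder's generated script: it parses the ppp0 address from ifconfig output, validates it, and prints anti-spoofing rules only when the address is well-formed. The function names, the two rules and the sample ifconfig text are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: not part of the original post and not fwbuilder output.
# The rule text and function names are assumptions made for illustration.

# Constructed sample of net-tools ifconfig output (documentation addresses).
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.0.2.10  P-t-P:198.51.100.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1'

# Read ifconfig-style text on stdin and print the first IPv4 address.
# Accepts the old "inet addr:A.B.C.D" and the newer "inet A.B.C.D" layout;
# "inet6" lines do not match because of the space required after "inet".
parse_inet_addr() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9.]*\).*/\2/p' | head -n 1
}

# Succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print anti-spoofing rules for interface $1 with address $2.
# Fails without output when the address is invalid, so nothing half-formed
# is ever loaded and the boot-time default-deny policy stays in force.
antispoof_rules() {
    dev=$1
    addr=$2
    is_ipv4 "$addr" || return 1
    # Traffic arriving on the external link must not claim our own address.
    printf 'iptables -A INPUT -i %s -s %s -j DROP\n' "$dev" "$addr"
    printf 'iptables -A FORWARD -i %s -s %s -j DROP\n' "$dev" "$addr"
}

# On a live system the input would come from: /sbin/ifconfig ppp0 2>/dev/null
IP_PPP0=$(printf '%s\n' "$SAMPLE_IFCONFIG" | parse_inet_addr)
if ! antispoof_rules ppp0 "$IP_PPP0"; then
    echo "ppp0 has no usable address; keeping default deny" >&2
fi
```

The script prints the rules instead of applying them, so the output can be reviewed before it is merged into the generated firewall script.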