
Re: iptables



On Sun, 4 May 2003, cKBoy wrote:

> Thanks for the info, but in my case I was using instead of me:him, (My
> internal net is 192.168.1.x) I use 192.168.2.89:192.168.3.89.  Then I just
> added a forwarding rule but this was using ipchains, I can't seem to figure
> out how to do it with iptables though. hmmm....
> 
> 
> 
> ----- Original Message -----
> From: <redhat_valhalla yahoo com au>
> To: <valhalla-list redhat com>
> Sent: Sunday, May 04, 2003 9:08 PM
> Subject: Re: iptables
> 
> 
> > On Sun, 4 May 2003, cKBoy wrote:
> >
> > > Hello everyone since we are on this thread anyways, can I ask a question
> > > related to this thread? :)
> > >
> > > My linux box has 2 nic (1 for my cable modem & 1 for my internal network)
> > > and 2 dial-in modems.  I have gotten my internal network on the internet,
> > > but I can't get my ppp0 and ppp1 working.  I have been looking for some
> > > examples but so far the examples I find are either only for eth0 & eth1
> > > or only ppp0 and eth0.  Can anyone tell me the commands I need to be able
> > > to forward packets to my ppp0 & ppp1?


What you have is a routing problem, not forwarding. The approach I
outlined solves that.

Use routing to direct the ordinary flow of traffic. Linux will set up
some standard routes when you initialise interfaces: when you "ifconfig
eth0 192.168.1.1" then Linux expects to use that interface to chat to
all of the 192.168.1.x network.

Sometimes, a computer will stand in for another: it will be a proxy.
Such a case is when another dials in and establishes a point to point
(ppp usually) connexion.

If you assign IP addresses 192.168.1.[200-250] to dialin connexions, the
computer handling the dialin knows they're there: it has the connexion.
If you use the proxyarp option of ppp, then your server tells other
computers on the LAN that it has the IP address of its dialin clients.

Use tcpdump to monitor traffic on your LAN. You will see a message, "who
has 192.168.1.1" and the reply, "I have 192.168.1.1" and so forth. The
key identifier is the ethernet MAC address.

When one of your computers is responding for two (or more) IP addresses,
you may see something like this:
[root gw ppp]# arp
Address                  HWtype  HWaddress           Flags Mask Iface
magpie.computerdatasafe  ether   00:40:F4:28:A0:3A   C eth1
bobtail.computerdatasaf  ether   00:E0:B8:17:8E:96   C eth1
numbat.computerdatasafe  ether   00:C0:26:2D:BE:12   C eth1
Skink.computerdatasafe.  ether   00:C0:26:2D:BE:12   C eth1
quokka.computerdatasafe  ether   00:C0:4F:7A:A9:7E   C eth1
[root gw ppp]#


Note that two hosts have the same HWaddress. On Numbat, we see:
summer Numbat:~$ /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 00:C0:26:2D:BE:12
          inet addr:192.168.1.101  Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:46896057 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57466451 errors:0 dropped:0 overruns:0 carrier:0
          collisions:8268176 txqueuelen:100
          RX bytes:2991769590 (2.7 GiB)  TX bytes:2680563774 (2.4 GiB)
          Interrupt:5 Base address:0xa000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1306613 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1306613 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:234758126 (223.8 MiB)  TX bytes:234758126 (223.8 MiB)

tun0      Link encap:Point-to-Point Protocol
          inet addr:192.168.1.101  P-t-P:192.168.1.120 Mask:255.255.255.255
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:178 errors:0 dropped:0 overruns:0 frame:0
          TX packets:178 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:11434 (11.1 KiB)  TX bytes:13098 (12.7 KiB)

summer Numbat:~$

You can see that two interfaces, eth0 and tun0, have the same IP
address. Like ppp, tun sets up a point to point connexion.

Note too, the netmask for that interface. 




-- 


Cheers
John.

Please, no off-list mail. You will fall foul of my spam treatment.

Join the "Linux Support by Small Businesses" list at 
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
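
The duplicate-HWaddress check described in the message above, as an added example that is not part of the original post: a shell function that groups `arp` output by MAC and interface and lists every MAC holding more than one address. The function names are hypothetical and the sample table is the one quoted in the message; with proxyarp in use, the server's MAC appearing for its dial-in clients is the expected result, so the output is a list to compare against what you configured.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Sample input: the arp table quoted in the message above.
sample_arp() {
cat <<'EOF'
Address                  HWtype  HWaddress           Flags Mask Iface
magpie.computerdatasafe  ether   00:40:F4:28:A0:3A   C eth1
bobtail.computerdatasaf  ether   00:E0:B8:17:8E:96   C eth1
numbat.computerdatasafe  ether   00:C0:26:2D:BE:12   C eth1
Skink.computerdatasafe.  ether   00:C0:26:2D:BE:12   C eth1
quokka.computerdatasafe  ether   00:C0:4F:7A:A9:7E   C eth1
EOF
}

# shared_macs: read `arp` output on stdin and print one line per hardware
# address that is listed for more than one host on the same interface:
#   MAC IFACE host1,host2,...
shared_macs() {
    awk '
        # Keep resolved ethernet entries only. The header line and
        # "(incomplete)" entries do not have "ether" in column 2.
        $2 == "ether" && split($3, octets, ":") == 6 {
            key = toupper($3) " " $NF      # normalise case, keep interface
            if (!(key in count)) {
                order[++n] = key           # remember first-seen order
                hosts[key] = $1
            } else {
                hosts[key] = hosts[key] "," $1
            }
            count[key]++
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1)
                    print order[i], hosts[order[i]]
        }
    '
}

# Run against the sample table. On a live gateway: arp | shared_macs
sample_arp | shared_macs
```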





