I have been having trouble forwarding packets using iptables on my
Gentoo box. I am no iptables expert.
I connect to the internet using rp-pppoe. I use firestarter for
firewalling. Yesterday I installed VMware and chose host only
networking between the VMs. vmnet0 was bound to 192.168.128.1, with the
rest of the subnet being 192.168.128.0/24.
As should be obvious by now, I need to forward packets from ppp0 to
vmnet0 and allow outbound packets as well.
Add
net.ipv4.conf.all.forwarding = 1
to
/etc/sysctl.conf
and apply the setting by issuing
sysctl -p
as root.
Issue the command:
iptables -t nat -A POSTROUTING \
-o ppp0 \
--source 192.168.128.0/24 \
-j MASQUERADE
also as root.
You may also want to issue:
iptables -t mangle -A OUTPUT \
-p tcp \
--tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
and possibly
iptables -t mangle -A FORWARD \
-p tcp \
--tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
as root to help control packet fragmentation.
I believe the iptables init script should handle saving/restoring these
rules on reboot.
I have NO IDEA how to add these iptables rules to firestarter.
You may also try to uncomment CLAMPMSS=1412 in /etc/ppp/pppoe.conf
instead to see if this works with firestarter
connection sharing settings.
And you may try shorewall on your gateway/router
as an alternative to firestarter.
HTH,
Sasha
--
gentoo-user@gentoo.org mailing list
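The steps in this thread, collected into one script as an added example (not code from the thread or from any of its participants). It assumes the interface names and subnet from the question (ppp0 uplink, vmnet0 host-only, 192.168.128.0/24) as defaults, and goes a step beyond the reply by giving the FORWARD chain a default-deny policy with conntrack-based acceptance, so only traffic from the host-only subnet and replies to it are forwarded. The DRY_RUN mode is an assumption of this example: it prints the commands instead of running them, so the rule set can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example: forwarding + NAT + MSS clamping for a PPPoE gateway with a
# VMware host-only network behind it. Defaults mirror the thread; DRY_RUN=1
# (the default here) prints the commands instead of executing them.

DRY_RUN="${DRY_RUN:-1}"

# run: execute a command, or print it verbatim when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# gateway_rules WAN LAN SUBNET: emit (or apply) the complete rule set.
gateway_rules() {
    wan="$1"; lan="$2"; subnet="$3"

    # Kernel side: same setting the thread puts in /etc/sysctl.conf.
    run sysctl -w net.ipv4.conf.all.forwarding=1

    # Forwarding is denied unless a rule below allows it.
    run iptables -P FORWARD DROP
    # Replies to connections the VMs opened come back in from the uplink.
    run iptables -A FORWARD -i "$wan" -o "$lan" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Outbound traffic from the host-only subnet only (not from any other source).
    run iptables -A FORWARD -i "$lan" -o "$wan" -s "$subnet" -j ACCEPT

    # Source NAT: VM traffic leaves with whatever address ppp0 currently has.
    run iptables -t nat -A POSTROUTING -o "$wan" -s "$subnet" -j MASQUERADE

    # MSS clamping for locally generated and for forwarded SYNs, so the smaller
    # PPPoE MTU does not lead to fragmentation or blackholed TCP connections.
    run iptables -t mangle -A OUTPUT -o "$wan" -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    run iptables -t mangle -A FORWARD -o "$wan" -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
}

# Review:  DRY_RUN=1 sh gateway.sh        Apply (as root):  DRY_RUN=0 sh gateway.sh
gateway_rules ppp0 vmnet0 192.168.128.0/24
```

Run it once with DRY_RUN=1 and read the seven commands it prints; the FORWARD policy line is the one that differs from what the reply above suggests, and it is what keeps the box from forwarding traffic for any network other than the VM subnet. A firewall front end that rewrites the rule set on start-up may discard these rules, which is the same problem the reply notes for firestarter.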