Re: yet/last problem with masquerading

Sun, 13 Oct 2002 14:10:11 -0400 (EDT) 

Michael Schwendt wrote:

On Sun, 13 Oct 2002 16:07:22 +0200 (CEST), Jean Francois Ortolo wrote:


<..snip..>


No, the path is created when the "default route" is created by
pppd.


<..snip..>





 Otherwise, pppd knows only about eth0, which is the interface

 connected 
to the ADSL modem. pppd knows nothing about eth1, so pppd is unable to

make eth0 and eth1 communicate between each other.



pppd doesn't need to. It creates a default route to ppp0 when the
DSL/PPPoE connection has been established.





  If I understand well that you say, I don't need then to set up any 
route manually, pppd does the job itself.



  I bring up a precision: I have no intention to comply with the 
/etc/ppp/adsl-masquerade

system file, because I use iptables, though this system file uses ipchains.



  In fact, I don't further have the need for knowing my external IP of 
my router, while the firewall I intend to set up will be running. I 
intend to set up all the script instructions in the 
/etc/sysconfig/iptables system file, i.e. both masquerading and 
firewalling instructions, following the syntax of this system file.






In my case, the service/protocol, after having been requested from an 
internal computer in the lan, to the Internet via my router, would

involve an incoming request for authentication, which should be

directed to the internal computer, the problem being to precisely

know, whether or not this incoming request for authentication is part

of an entirely new connection, or is part of the actual connection.





Forget about it when you have a LAN with private IP addresses and a
router with IP Masquerading. You could only redirect port 113 to a
single host in your LAN. I doubt you really need auth/113 and identd
for the outside. It is common to reject external incoming
connections to that port with -j REJECT --reject-with tcp-reset
(that avoids time-outs upon connecting to mail servers).





  Thank you very very much Sir



  So my problem is quite simple:



  1)  Configuring both the xDSL connection and the ppp0 interface with 
neat ,

  2)  Setting up the /etc/sysconfig/iptables with the whole 
masquerading and firewalling iptables rules, with respect to the 
particular syntax of this file.



  Many thanks for your help.



  Best regards.



  Jean Francois Ortolo
































					Reply via email to