Re[2]: problem

To: Christoph Haas <email@christoph-haas.de>
Cc: debian-firewall@lists.debian.org
Subject: Re[2]: problem
From: Êîðíååâ Àëåêñàíäð <akorneev@omegagroup.ru>
Date: Thu, 16 Sep 2004 09:46:47 +0600
Message-id: <[🔎] 608709009.20040916094647@omegagroup.ru>
Reply-to: Êîðíååâ Àëåêñàíäð <akorneev@omegagroup.ru>
In-reply-to: <[🔎] 20040915132014.GA17320@workaround.org>
References: <[🔎] 001e01c49b75$8e4b6080$8e1c44c1@digsys.bg> <[🔎] 200409151455.58826.crc32@troppobellissimo.it> <[🔎] 20040915132014.GA17320@workaround.org>

1. Add this line into /etc/sysctl.conf

   net.ipv4.ip_forward = 1

  this is the same as  ">>  echo "1"  > /proc/sys/net/ipv4/ip_forward" but you woudn't lose
  settings on reboot.

2. Add this strings into your ipchains script or into ipchains rules

   EXTERNAL_INTERFACE="eth0"               # Internet connected interface
   LOCAL_INTERFACE="eth1"                # Internal LAN interface 1
   LOCALNET="192.168.2.0/24"             # Whatever private range you use 1

   # set masquerade timeout to 10 hours for tcp connections
   ipchains -M -S 36000 0 0
   # Don't forward fragments. Assemble before forwarding.
   ipchains -A output -f -i $LOCAL_INTERFACE_1 -j DENY
   # Masquerade internal traffic.
   # All internal traffic is masqueraded externally.
   ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET -j MASQ

But if you don't want to masqarade all you internal traffic, but need to replicate
only few ports you may use xinet.d daemon.

-----------------------

Best regards,
Alexander.

> On Wed, Sep 15, 2004 at 02:55:58PM +0200, Crc32 wrote:
>> Alle 00:44, giovedì 16 settembre 2004, office ha scritto:
>> > I am trying to configure a Debian mashine to route packets from the network
>> > 192.168.2.0 to/from Internet through interface 193.68.28.142(eth1) eth0 has
>> > an address from192.168.2.0 - 192.168.2.1
>> > I use "ipchains". Could you help me?
>> > Maybe I should configure anything else?
>> > I don't have "iptables" installed
>> >
>> > Stoyan
>> Try enabling ip_forward with this:
>> 
>>  echo "1"  > /proc/sys/net/ipv4/ip_forward
>> 
>> ps.
>> Excuse me for my english but i'm an italian guy.

> Your english is perfect. But I have doubts that just enabling routing
> will help. ;) He's having private IP addresses on his local network
> (192.168.2.0/24). Routing may help getting the packets out but they
> won't find their way back in.

>  Christoph

> P.S.: Are we all using pseudonyms here now?

> -- 
> ~
> ~
> ".signature" [Modified] 3 lines --100%--                3,41         All

Reply to:

Follow-Ups:
- Re: Re[2]: problem
  - From: Mike Mestnik <cheako911@yahoo.com>

References:
- problem
  - From: "office" <office@pirdop.digsys.bg>
- Re: problem
  - From: Crc32 <crc32@troppobellissimo.it>
- Re: problem
  - From: Christoph Haas <email@christoph-haas.de>

Prev by Date: Re: 3 Connections per host
Next by Date: Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
Previous by thread: Re: problem
Next by thread: Re: Re[2]: problem
Index(es):
- Date
- Thread