Re[2]: problem
1. Add this line into /etc/sysctl.conf
net.ipv4.ip_forward = 1
this is the same as ">> echo "1" > /proc/sys/net/ipv4/ip_forward" but you woudn't lose
settings on reboot.
2. Add this strings into your ipchains script or into ipchains rules
EXTERNAL_INTERFACE="eth0" # Internet connected interface
LOCAL_INTERFACE="eth1" # Internal LAN interface 1
LOCALNET="192.168.2.0/24" # Whatever private range you use 1
# set masquerade timeout to 10 hours for tcp connections
ipchains -M -S 36000 0 0
# Don't forward fragments. Assemble before forwarding.
ipchains -A output -f -i $LOCAL_INTERFACE_1 -j DENY
# Masquerade internal traffic.
# All internal traffic is masqueraded externally.
ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET -j MASQ
But if you don't want to masqarade all you internal traffic, but need to replicate
only few ports you may use xinet.d daemon.
-----------------------
Best regards,
Alexander.
> On Wed, Sep 15, 2004 at 02:55:58PM +0200, Crc32 wrote:
>> Alle 00:44, giovedì 16 settembre 2004, office ha scritto:
>> > I am trying to configure a Debian mashine to route packets from the network
>> > 192.168.2.0 to/from Internet through interface 193.68.28.142(eth1) eth0 has
>> > an address from192.168.2.0 - 192.168.2.1
>> > I use "ipchains". Could you help me?
>> > Maybe I should configure anything else?
>> > I don't have "iptables" installed
>> >
>> > Stoyan
>> Try enabling ip_forward with this:
>>
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>>
>> ps.
>> Excuse me for my english but i'm an italian guy.
> Your english is perfect. But I have doubts that just enabling routing
> will help. ;) He's having private IP addresses on his local network
> (192.168.2.0/24). Routing may help getting the packets out but they
> won't find their way back in.
> Christoph
> P.S.: Are we all using pseudonyms here now?
> --
> ~
> ~
> ".signature" [Modified] 3 lines --100%-- 3,41 All
Reply to:
- References:
- problem
- From: "office" <office@pirdop.digsys.bg>
- Re: problem
- From: Crc32 <crc32@troppobellissimo.it>
- Re: problem
- From: Christoph Haas <email@christoph-haas.de>