Re: Modem Gateway
On Thu, 2002-07-18 at 08:47, dan.hunt@st.brieux.com wrote:
--snip
> > This is what I would do, but may not be the most debianised options.
> >
> > 1. Get rid of ipmasq completely. netfilter rocks so much, you don't need
> > it. apt-get remove ipmasq
> >
> > 2. If you're not going to use demand dialing (you are going to pon and
> > poff) then remove diald. apt-get remove diald
> >
> > 3. Clear out your iptables firewall completely. the quickest way is
> >
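> > for CHAIN in INPUT OUTPUT FORWARD; do iptables -P $CHAIN ACCEPT; iptables -F $CHAIN; done
> > # PREROUTING and POSTROUTING are nat-table chains, so they need -t nat
> > for CHAIN in PREROUTING POSTROUTING; do iptables -t nat -P $CHAIN ACCEPT; iptables -t nat -F $CHAIN; done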
> >
> > 4. Get the local network working, and the ppp link up. Make sure you can
> > access the net *from the gateway machine*. The other one won't be able to
> > access the net here. Make sure each internal machine can ping the other.
> >
> > When that's done and the network is working apart from the masquerading.
> >
> > 5. Add a masquerade rule to your POSTROUTING chain on the gateway
> >
> > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> >
> > 6. Now test that the internal machine can ping the net. Make sure it has
> > its default gateway set to the internal IP of the gateway machine.
> >
> > (on internal machine)
> > route add default gw 192.168.0.1
> >
> > 7. If that works, then you are up and running, but without a firewall!
> > Next step is to write a firewall. When you get to here and it's working
> > OK, post back (or even if it's not working OK), and we'll go through a
> > straightforward firewall script.
> >
> > Kind Regards
> > Crispin Wellington
>
> I am afraid I did not understand item # 3 above.
> What do I do with this script, or how do I run it?
>
> Does the ";" indicate a carriage return or does this all go on one line?
All on one line is what I intended.
Or you can press return where the semicolons appear instead. Same thing.
It just sets the (P)olicy of each chain to ACCEPT and (F)lushes each
chain in the kernel. (Gives you a blank slate).
Kind Regards
Crispin Wellington
http://www.aeonline.net/crispin/
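
An added example, not part of the original thread: a POSIX shell function that reads iptables-save output and reports the state steps 3 to 7 describe, namely which outbound interface is masqueraded and which filter chains are still a blank slate (ACCEPT policy, no rules). The function names audit_ruleset and sample_ruleset and the sample ruleset are constructed for this example.

```shell
# Added example: function names and the sample ruleset are constructed.

# Constructed sample: what iptables-save would show after steps 3 and 5.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one finding per line:
#   MASQUERADE <iface>        a nat POSTROUTING masquerade rule ("any" if no -o)
#   UNFILTERED filter/<chain> a filter chain with ACCEPT policy and no rules
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }          # table header
        /^:/  { key = table "/" substr($1, 2)          # chain and policy line
                policy[key] = $2; order[++n] = key; next }
        /^-A/ { rules[table "/" $2]++
                if (table == "nat" && $2 == "POSTROUTING") {
                    out = "any"; masq = 0
                    for (i = 3; i < NF; i++) {
                        if ($i == "-o") out = $(i + 1)
                        if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
                    }
                    if (masq) print "MASQUERADE " out
                }
                next }
        END {
            for (k = 1; k <= n; k++) {
                key = order[k]
                if (key ~ /^filter\// && policy[key] == "ACCEPT" && rules[key] == 0)
                    print "UNFILTERED " key
            }
        }'
}

# Live use on the gateway (as root): iptables-save | audit_ruleset
sample_ruleset | audit_ruleset
```

Three UNFILTERED lines next to a MASQUERADE line is the "up and running, but without a firewall" state from step 7; once a firewall script is loaded, the UNFILTERED lines for INPUT and FORWARD should disappear.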