Re: Iptables, FreeSwan

To: Curtis Vaughan <curtis@npc-usa.com>, debian-user <debian-user@lists.debian.org>
Subject: Re: Iptables, FreeSwan
From: Johan Ehnberg <johan@ehnberg.net>
Date: Thu, 25 Jul 2002 04:09:15 +0300
Message-id: <[🔎] 3D3F4FBB.30205@ehnberg.net>
References: <[🔎] BDAC2FFF-9F65-11D6-B231-000393934006@npc-usa.com>

I'm not exactly an expert in this area, but here are a few pointers:
Someone please correct me if I'm talking bullshit here.

iface ppp0:0 inet static
        address 128.12.13.138
        broadcast 128.12.13.255
        netmask 255.255.255.254
        network 128.12.13.0

In a network, the first address is called "network" and the last"broadcast". These should not be used by your local computers. Thedifference between a configurations network (128.12.13.0) and broadcast(128.12.13.255) should always be the same as the last bit of the netmask.


> The block of public IPs is 128.12.13.137 - 141
> (I think there are some errors here, for example broadcast, netmask and
> network)

This is 5 addresses; you propably have an 8 address block (netw. broad.and gatew. reserved). Thus, you have a "/29" adress space (29 bits of 32given, 3 bits (2'3=8 combinations=adresses) for you). Therefore, thenetmask should be 255.255.255.248 (the last can be counted as 256-nuberof addresses; 256-8=248). If I remember it right, you can choose betweengiving the network and broadcast, or netmask only, as the netmask itselftells what the default network and broadcast addresses are.

What happened when I brought ppp0:0 up was that it showed that correctIP, but P-t-P was also 128.12.13.138. Netmask was, of course,255.255.255.254
So, how should I do this correctly?


The next question relates to iptables, I believe.

Basically, as I said earlier I will be doing NAT or port forwarding.
So, say someone comes in at 128.12.13.138:81
That then gets forwarded to 10.0.1.1:81

Or, say someone comes in at 128.12.13.139:3264
That get forwarded to 10.0.1.3:3264


Check out:
http://netfilter.samba.org/documentation/HOWTO//NAT-HOWTO.html

Correct me if I'm wrong but this information all goes into my iptables,right?


Right. But make sure IP forwarding is on.

cat /proc/sys/net/ipv4/ip_forward
should be 1, at least on my MASQ box; this can be set at bootup.

And someone please tell me that this is all possible with a singleserver acting as the router?

Yes. The power of linux :). I'm running a linux box with file, routing,firewall etc. etc. on it.



Hope this helps.


Curtis




--
Johan Ehnberg
johan@ehnberg.net
"Windows? No... I don't think so."



--

To UNSUBSCRIBE, email to debian-user-request@lists.debian.orgwith a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Iptables, FreeSwan
  - From: Curtis Vaughan <curtis@npc-usa.com>

References:
- Iptables, FreeSwan
  - From: Curtis Vaughan <curtis@npc-usa.com>

Prev by Date: Re: Kernel panic. No init found
Next by Date: Re: standard Debian kernel .config file
Previous by thread: Iptables, FreeSwan
Next by thread: Re: Iptables, FreeSwan
Index(es):
- Date
- Thread