Re: Iptables, FreeSwan
On Wednesday, July 24, 2002, at 06:09 , Johan Ehnberg wrote:
I'm not exactly an expert in this area, but here are a few pointers:
Someone please correct me if I'm talking bullshit here.
iface ppp0:0 inet static
address 128.12.13.138
broadcast 128.12.13.255
netmask 255.255.255.254
network 128.12.13.0
In a network, the first address is called "network" and the last
"broadcast". These should not be used by your local computers. The
difference between a configuration's network (128.12.13.0) and broadcast
(128.12.13.255) should always be the same as the last bit of the
netmask.
> The block of public IPs is 128.12.13.137 - 141
> (I think there are some errors here, for example broadcast, netmask and
> network)
This is 5 addresses; you probably have an 8 address block (netw. broad.
and gatew. reserved). Thus, you have a "/29" address space (29 bits of
32 given, 3 bits (2^3=8 combinations=addresses) for you). Therefore, the
netmask should be 255.255.255.248 (the last can be counted as 256-number
of addresses; 256-8=248). If I remember it right, you can choose
between giving the network and broadcast, or netmask only, as the
netmask itself tells what the default network and broadcast addresses
are.
Actually I have a 7 block, but the first and last are unusable. i.e.,
128.12.13.137 and .142.
What happened when I brought ppp0:0 up was that it showed that correct
IP, but P-t-P was also 128.12.13.138. Netmask was, of course,
255.255.255.254
So, how should I do this correctly?
The next question relates to iptables, I believe.
Basically, as I said earlier I will be doing NAT or port forwarding.
So, say someone comes in at 128.12.13.138:81
That then gets forwarded to 10.0.1.1:81
Or, say someone comes in at 128.12.13.139:3264
That gets forwarded to 10.0.1.3:3264
Check out:
http://netfilter.samba.org/documentation/HOWTO//NAT-HOWTO.html
Regardless, am I doing the right procedure for picking up the other IP
addresses?
Obviously not since it's not working.
Somebody, help!
Correct me if I'm wrong but this information all goes into my
iptables, right?
Right. But make sure IP forwarding is on.
cat /proc/sys/net/ipv4/ip_forward
should be 1, at least on my MASQ box; this can be set at bootup.
And someone please tell me that this is all possible with a single
server acting as the router?
Yes. The power of linux :). I'm running a linux box with file, routing,
firewall etc. etc. on it.
Hope this helps.
Curtis
-- Johan Ehnberg
johan@ehnberg.net
"Windows? No... I don't think so."
-- To UNSUBSCRIBE, email to debian-user-request@lists.debian.org with a
subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
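
An added example, not part of the original thread: the subnet arithmetic discussed above, checked with Python's standard `ipaddress` module. The function names are this example's own, and the second stanza in the sample data is constructed from the /29 suggested in the thread.

```python
import ipaddress


def enclosing_subnet(first, last):
    """Return the smallest CIDR block that contains both addresses."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    # Every bit position where the two ends differ must be a host bit.
    host_bits = (lo ^ hi).bit_length()
    return ipaddress.IPv4Network(f"{first}/{32 - host_bits}", strict=False)


def check_stanza(address, netmask, network, broadcast):
    """List inconsistencies between an interface's address/netmask
    and the network and broadcast values written next to them."""
    problems = []
    iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
    net = iface.network
    if str(net.network_address) != network:
        problems.append(
            f"network is {network}, netmask implies {net.network_address}")
    if str(net.broadcast_address) != broadcast:
        problems.append(
            f"broadcast is {broadcast}, netmask implies {net.broadcast_address}")
    # Below /31 the first and last addresses are reserved.
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append(f"{address} is the network or broadcast address")
    return problems


# The ppp0:0 stanza as posted in the thread.
POSTED = ("128.12.13.138", "255.255.255.254", "128.12.13.0", "128.12.13.255")
# Constructed: the same address inside the /29 that encloses .137 - .141.
WITH_29 = ("128.12.13.138", "255.255.255.248", "128.12.13.136", "128.12.13.143")

if __name__ == "__main__":
    block = enclosing_subnet("128.12.13.137", "128.12.13.141")
    print(block, "netmask", block.netmask, "broadcast", block.broadcast_address)
    for name, stanza in (("posted", POSTED), ("with /29", WITH_29)):
        print(name, check_stanza(*stanza) or "consistent")
```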