Re: Re[2]: problem

To: debian-firewall@lists.debian.org
Subject: Re: Re[2]: problem
From: Mike Mestnik <cheako911@yahoo.com>
Date: Thu, 16 Sep 2004 15:48:17 -0700 (PDT)
Message-id: <[🔎] 20040916224817.3429.qmail@web11901.mail.yahoo.com>
In-reply-to: <[🔎] 608709009.20040916094647@omegagroup.ru>

--- Êîðíååâ Àëåêñàíäð <akorneev@omegagroup.ru> wrote:

> 1. Add this line into /etc/sysctl.conf
> 
>    net.ipv4.ip_forward = 1
> 
>   this is the same as  ">>  echo "1"  > /proc/sys/net/ipv4/ip_forward"
> but you woudn't lose
>   settings on reboot.
This can be done in /etc/network/options with less typing.
-ip_forward=no
+ip_forward=yes

> 
> 2. Add this strings into your ipchains script or into ipchains rules
> 
>    EXTERNAL_INTERFACE="eth0"               # Internet connected
> interface
>    LOCAL_INTERFACE="eth1"                # Internal LAN interface 1
>    LOCALNET="192.168.2.0/24"             # Whatever private range you
> use 1
> 
>    # set masquerade timeout to 10 hours for tcp connections
>    ipchains -M -S 36000 0 0
>    # Don't forward fragments. Assemble before forwarding.
>    ipchains -A output -f -i $LOCAL_INTERFACE_1 -j DENY
>    # Masquerade internal traffic.
>    # All internal traffic is masqueraded externally.
>    ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET -j MASQ
> 
> But if you don't want to masqarade all you internal traffic, but need to
> replicate
> only few ports you may use xinet.d daemon.
> 
> -----------------------
> 
> Best regards,
> Alexander.
> 
> > On Wed, Sep 15, 2004 at 02:55:58PM +0200, Crc32 wrote:
> >> Alle 00:44, giovedì 16 settembre 2004, office ha scritto:
> >> > I am trying to configure a Debian mashine to route packets from the
> network
> >> > 192.168.2.0 to/from Internet through interface 193.68.28.142(eth1)
> eth0 has
> >> > an address from192.168.2.0 - 192.168.2.1
> >> > I use "ipchains". Could you help me?
> >> > Maybe I should configure anything else?
> >> > I don't have "iptables" installed
> >> >
> >> > Stoyan
> >> Try enabling ip_forward with this:
> >> 
> >>  echo "1"  > /proc/sys/net/ipv4/ip_forward
> >> 
> >> ps.
> >> Excuse me for my english but i'm an italian guy.
> 
> > Your english is perfect. But I have doubts that just enabling routing
> > will help. ;) He's having private IP addresses on his local network
> > (192.168.2.0/24). Routing may help getting the packets out but they
> > won't find their way back in.
> 
> >  Christoph
> 
> > P.S.: Are we all using pseudonyms here now?
> 
> > -- 
> > ~
> > ~
> > ".signature" [Modified] 3 lines --100%--                3,41        
> All
> 
> 
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 



	
		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail

Reply to:

References:
- Re[2]: problem
  - From: Êîðíååâ Àëåêñàíäð <akorneev@omegagroup.ru>

Prev by Date: Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]
Next by Date: Debian router with iptables problem
Previous by thread: Re[2]: problem
Next by thread: Debian router with iptables problem
Index(es):
- Date
- Thread