Re: Re[2]: problem
--- Êîðíååâ Àëåêñàíäð <akorneev@omegagroup.ru> wrote:
> 1. Add this line into /etc/sysctl.conf
>
> net.ipv4.ip_forward = 1
>
> this is the same as ">> echo "1" > /proc/sys/net/ipv4/ip_forward"
> but you woudn't lose
> settings on reboot.
This can be done in /etc/network/options with less typing.
-ip_forward=no
+ip_forward=yes
>
> 2. Add this strings into your ipchains script or into ipchains rules
>
> EXTERNAL_INTERFACE="eth0" # Internet connected
> interface
> LOCAL_INTERFACE="eth1" # Internal LAN interface 1
> LOCALNET="192.168.2.0/24" # Whatever private range you
> use 1
>
> # set masquerade timeout to 10 hours for tcp connections
> ipchains -M -S 36000 0 0
> # Don't forward fragments. Assemble before forwarding.
> ipchains -A output -f -i $LOCAL_INTERFACE_1 -j DENY
> # Masquerade internal traffic.
> # All internal traffic is masqueraded externally.
> ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET -j MASQ
>
> But if you don't want to masqarade all you internal traffic, but need to
> replicate
> only few ports you may use xinet.d daemon.
>
> -----------------------
>
> Best regards,
> Alexander.
>
> > On Wed, Sep 15, 2004 at 02:55:58PM +0200, Crc32 wrote:
> >> Alle 00:44, giovedì 16 settembre 2004, office ha scritto:
> >> > I am trying to configure a Debian mashine to route packets from the
> network
> >> > 192.168.2.0 to/from Internet through interface 193.68.28.142(eth1)
> eth0 has
> >> > an address from192.168.2.0 - 192.168.2.1
> >> > I use "ipchains". Could you help me?
> >> > Maybe I should configure anything else?
> >> > I don't have "iptables" installed
> >> >
> >> > Stoyan
> >> Try enabling ip_forward with this:
> >>
> >> echo "1" > /proc/sys/net/ipv4/ip_forward
> >>
> >> ps.
> >> Excuse me for my english but i'm an italian guy.
>
> > Your english is perfect. But I have doubts that just enabling routing
> > will help. ;) He's having private IP addresses on his local network
> > (192.168.2.0/24). Routing may help getting the packets out but they
> > won't find their way back in.
>
> > Christoph
>
> > P.S.: Are we all using pseudonyms here now?
>
> > --
> > ~
> > ~
> > ".signature" [Modified] 3 lines --100%-- 3,41
> All
>
>
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
Reply to: