
I can't get masquerading to work



Hello, I have two computers connected via PLIP, and I would like to do masquerading,
but I can't get it to work. Following the IP-Masquerading HOWTO (version for
2.4.x kernels -- iptables), the most I have managed is a ping from the client to the
IP address of ppp0 (the local IP), but I can't get past that. The truth is that I
don't quite understand this whole iptables business...

These are the scripts to start the PLIP connection:
-->server<--
valhalla:~# cat /usr/local/bin/plip_on
#!/bin/sh
# Script to bring up the PLIP connection with the computer 'dante'
/etc/init.d/lprng stop
rmmod lp
modprobe plip
ifconfig plip0 valhalla pointopoint dante

-->client<--
dante:~# cat /usr/local/bin/plip_on
#!/bin/sh
# Script to bring up the PLIP connection with the computer 'valhalla'
/etc/init.d/lprng stop
rmmod lp
modprobe plip
ifconfig plip0 dante pointopoint valhalla
route add default gw valhalla

The iptables configuration I used is the one that appears in the same HOWTO
(I'm attaching it).


I don't know what I'm getting wrong, but I think it's something with iptables
(perhaps), since when I run iptables -L -n nothing shows up

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

Thanks in advance
-- 
#!/bin/sh
#
# rc.firewall - v0.50
#
#               Initial SIMPLE IP Masquerade test for 2.4.x kernels
#               using IPTABLES
#
# Load all required IP MASQ modules
#
#   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ 
#          modules are shown below but are commented out from loading.

echo -e "\n\nIPMASQ *TEST* masq-firewall ruleset - v0.50\n"


# The location of the 'iptables' program
#
#   If your Linux distribution came with a copy of iptables, most
#   likely it is located in /sbin.  If you manually compiled 
#   iptables, the default location is in /usr/local/sbin
#
# ** Please use the "whereis iptables" command to figure out 
# ** where your copy is and change the path below to reflect 
# ** your setup
#
IPTABLES=/sbin/iptables
#IPTABLES=/usr/local/sbin/iptables


#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==


# Need to verify that all modules have all required dependencies
#
echo "  - Verifying that all kernel modules are ok"
/sbin/depmod -a

# With the new IPTABLES code, the core MASQ functionality is now either
# modular or compiled into the kernel.  This HOWTO compiles ALL IPTABLES
# options as modules.  If your kernel is compiled correctly, there is
# NO need to manually load the kernel modules.  
#
#  NOTE: The following items are listed ONLY for informational reasons.
#        There is no reason to manually load these modules unless your
#        kernel is either mis-configured or you intentionally disabled
#        the kernel module autoloader.
#

# Upon the commands of starting up IP Masq on the server, the
# following kernel modules will be automatically loaded:
# ===============================================================

#Load the main body of the IPTABLES module - "iptable"
#  - Loaded automatically when the "iptables" command is invoked

#Load the IPTABLES filtering module - "iptable_filter" 
#  - Loaded automatically when filter policies are activated

#Load the general IPTABLES NAT code - "iptable_nat"
#  - Loaded automatically when MASQ functionality is turned on

#Load the SNAT IPTABLES "Masq" code - "ipt_MASQUERADE"
#  - Loaded automatically when MASQ functionality is turned on

#Load the stateful connection tracking framework - "ip_conntrack"
#
# This module in itself does nothing without other specific 
# conntrack modules being loaded as well 
#
#  - Loaded automatically when MASQ functionality is enabled
#    to properly MASQ protocols such as IRC, FTP, etc.


#Loads the OUTGOING FTP NAT functionality into the core IPTABLES code
#
# Disabled by default -- remove the "#" on the next line to activate
#/sbin/insmod ip_nat_ftp


#Load the INCOMING FTP tracking mechanism for the connection tracking
#code
#
# Disabled by default -- remove the "#" on the next line to activate
#/sbin/insmod ip_conntrack_ftp



#CRITICAL:  Enable IP forwarding since it is disabled by default since
#
#           Redhat Users:  you may try changing the options in
#                          /etc/sysconfig/network from:
#
#                       FORWARD_IPV4=false
#                             to
#                       FORWARD_IPV4=true
#
echo "  - Enabling packet forwarding in the kernel"
echo "1" > /proc/sys/net/ipv4/ip_forward


# Dynamic IP users:
#
#   If you get your IP address dynamically from SLIP, PPP, or DHCP, 
#   enable this following option.  This enables dynamic-address hacking
#   which makes the life with Diald and similar programs much easier.
#
echo "  - Enabling dynamic addressing measures"
echo "1" > /proc/sys/net/ipv4/ip_dynaddr


# Enable simple IP forwarding and Masquerading
#
#  NOTE:  In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
#  NOTE #2:  The following is an example for an internal LAN address in the
#            192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
#            connecting to the Internet on external interface "eth0".  This
#            example will MASQ internal traffic out to the Internet but not
#            allow non-initiated traffic into your internal network.
#
#  NOTE #3:  You must change "eth0" to say "ppp0" if you are a modem user.
#            
#         ** Please change the above network numbers, subnet mask, and your 
#         *** Internet connection interface name to match your setup
#         
echo "  - Setting the default FORWARD policy to 'DROP'"
echo "  - Enabling SNAT (IPMASQ) functionality on ppp0"
$IPTABLES -P FORWARD DROP
$IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
#$IPTABLES -A FORWARD -s 192.168.1.0/255.255.255.0 -o ppp0

echo -e "\nDone.\n"
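
An added diagnostic example, not part of the original post or the HOWTO: the posted rc.firewall sets the FORWARD policy to DROP and leaves its only FORWARD rule commented out, so the MASQUERADE rule sits in the nat table while the filter table lets nothing through. The script below audits iptables-save text for those pieces; both rule sets are constructed samples, and the two FORWARD rules in sample_fixed are an assumed correction using the post's interface names ppp0 and plip0.

```shell
#!/bin/sh
# Added example (not from the original post). Interface names ppp0/plip0 come
# from the post; the two FORWARD rules in sample_fixed are an assumed fix.
# "iptables -L -n" lists only the filter table; NAT rules need "-t nat".
# Live use (root): iptables-save | audit_masq ppp0 plip0

audit_masq() {  # $1 = external if, $2 = internal if; iptables-save text on stdin
    awk -v wan="$1" -v lan="$2" '
        function st(ok) { return ok ? "OK" : "MISSING" }
        /^[*]/ { table = substr($0, 2); next }      # "*nat", "*filter"
        { line = $0 " " }                           # pad so "-o ppp0 " matches at EOL
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ &&
            index(line, "-o " wan " ") { masq = 1 }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ {
            if (index(line, "-i " lan " ") && index(line, "-o " wan " ")) out = 1
            if (index(line, "-i " wan " ") && /ESTABLISHED/) back = 1
        }
        END {
            print st(masq) ": nat POSTROUTING MASQUERADE on " wan
            if (policy == "ACCEPT") { print "WARN: FORWARD policy ACCEPT"; exit }
            print st(out) ": FORWARD ACCEPT " lan " -> " wan
            print st(back) ": FORWARD ACCEPT ESTABLISHED " wan " -> " lan
        }'
}

sample_howto() {  # constructed: the state the posted rc.firewall leaves behind
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_fixed() {  # constructed: same state plus narrowly scoped FORWARD rules
    sample_howto | awk '{ print }
        /^:OUTPUT/ { print "-A FORWARD -i plip0 -o ppp0 -j ACCEPT"
            print "-A FORWARD -i ppp0 -o plip0 -m state --state RELATED,ESTABLISHED -j ACCEPT" }'
}

sample_howto | audit_masq ppp0 plip0
```

Keeping the FORWARD policy at DROP and adding only the two interface-scoped ACCEPT rules lets the client out while unsolicited traffic arriving on ppp0 is still dropped.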
