Re: IP Masq and debian
Lee Bradshaw wrote:
> Hi,
>
> How am I supposed to use the ipmasq package with ppp? Is it possible?
> I tried using 0.0.0.0 as the external ip address, but I received a
> few error messages when booting and I couldn't telnet to the machine
> anymore. I couldn't find any documentation in /usr/doc/ipmasq and the
> man pages just said that there were no useful man pages. After removing
> ipmasq and rebooting telnet to the machine worked fine again.
>
> I executed the following commands to get masquerading to work manually:
>
> ipfwadm -F -p deny
> ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
>
> After changing the default route on another system I was able to bring
> up web pages through the masquerading system.
>
> Does anyone have any suggestions on how to use the ipmasq package with ppp and
> dynamic addresses (I assume it works ok with static addresses)? How about
> suggestions on where to put ipfwadm filtering commands in the initialization
> directories?
>
> --
> Lee Bradshaw lee@sectionIV.com (preferred)
> Alantro Communications lee@alantro.com
>
>
I put the 'ipfwadm' commands in a file called localrc and used the update-rc.d
command to put it as S91 in the startup sequence.
(see /etc/init.d/README for more information)
As far as dynamic ip addressing. I use the option -W ppp0 to indicate the
dynamic port. eg:
ipfwadm -I -a deny -S 192.168.0.0/16 -W ppp0 -o
Will prevent anything from coming over the dialup line pretending to be one of
the private ip numbers, with logging (-o).
Doesn't matter what ip number I received from my ISP.
John.
Reply to: