
Re: Modem Gateway



On Tue, 2002-07-16 at 21:55, dan.hunt wrote:
> 
> ----- Original Message -----
> From: "Crispin Wellington" <crispin@aeonline.net>
> To: <debian-user@lists.debian.org>
> Sent: Tuesday, July 16, 2002 1:05 AM
> Subject: Re: Modem Gateway
> 
> 
> > On Tue, 2002-07-16 at 12:48, dan.hunt wrote:
> > > Hey! I enjoy reading everyone's posts, and I am beginning to learn a thing or
> > > two. Thanks!
> > > As a fresh "gnubie" my lingering struggle (6 weeks) is restoring internet
> > > service to my home after beginning my GNU/Linux learning curve with Woody.
> > >
> > > I have two machines each with woody and one NIC. I have each NIC working and
> > > connected with a crossover cable.  Thanks to the Ethernet-HOWTO. One machine
> > > I call DTK has a modem in it that works without M$.
> > > When I type route (as root) on the DTK machine it feeds me:
> > > Destination : 192.168.0.2
> > > Gateway:       *
> > > Genmask: 255.255.255.255
> > > Flags:  UH
> > > Metric: 1
> > > Ref: 0
> > > Use: 0
> > > Iface: tap0
> >
> > You should probably set DTK to destination: 192.168.0.0 netmask
> > 255.255.255.0 device: eth0
> >
> > I don't know why it's tap0. tap0 is mostly used for demand dial. Demand
> > dial is probably using the 192.168.0.* address space to detect the
> > presence of outgoing traffic. This is clashing with your internal IP
> > address space.
> >
> > You have two options. One, move your internal machines to another private
> > address block, like 192.168.1.* or 10.0.0.*.
> >
> > Two, (the easiest) go...
> >
> > dpkg-reconfigure --priority=low --frontend=dialog diald
> >
> > Read the first page, select a different ip block and enter something
> > you're never going to use (like 192.168.76.1 and 192.168.76.2)
> >
> > then restart diald (/etc/init.d/diald restart), then bring your
> > interface back up (ifdown -a; ifup -a)
> >
> > Let us know how you go
> >
> > Crispin Wellington
> >
> I took option Two, the easy route to reconfigure diald.
> I read the first page and took its good advice.
> The plog (I believe) showed me the primary dns and secondary dns. Thanks!
> I ran pon to connect. The output of the ifconfig then was:
> lo Local Loopback
> ppp0 Point-to-Point Protocol
> tap0 Ethernet
> The interesting bit was the ethernet rx=0 but the tx=118
> lynx wouldn't connect to anything.
> I could ping my ppp0 assigned ip
> I could not ping the Compaq upstairs. From upstairs I could not ping the Modem box.
> However no annoying DENY messages when I was pinging.
> I did get deny message from an ip that was not mine.
> I did not set DTK to destination: 192.168.0.0 netmask 255.255.255.0 device: eth0
> That would be done by
> 1. ifdown -a
> 2. ifconfig eth0 192.168.0.0 netmask 255.255.255.0
> Right?

If you set up the ip/netmask/dev in /etc/network/interfaces then you can
bring them up/down with ifup and ifdown. But the above commands will
suffice.

> Now do I work on the ...... ?
> A.) the line above
> B.) shutting off the services I don't need yet?
> C.) ipmasq
> D.) reading and re-reading the ipmasq manual

This is what I would do, but may not be the most debianised options.

1. Get rid of ipmasq completely. netfilter rocks so much, you don't need
it. apt-get remove ipmasq

2. If you're not going to use demand dialing (you are going to pon and
poff) then remove diald. apt-get remove diald

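3. Clear out your iptables firewall completely. The quickest way is

# filter table chains
for CHAIN in INPUT OUTPUT FORWARD; do iptables -P $CHAIN ACCEPT; iptables -F $CHAIN; done
# POSTROUTING and PREROUTING live in the nat table, so they need -t nat
for CHAIN in POSTROUTING PREROUTING; do iptables -t nat -P $CHAIN ACCEPT; iptables -t nat -F $CHAIN; done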

4. Get the local network working, and the ppp link up. Make sure you can
access the net *from the gateway machine*. The other one won't be able to
access the net here. Make sure each internal machine can ping the other.

When that's done and the network is working apart from the masquerading.

5. Add a masquerade rule to your POSTROUTING chain on the gateway

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

6. Now test that the internal machine can ping the net. Make sure it has
its default gateway set to the internal IP of the gateway machine.

(on internal machine)
route add default gw 192.168.0.1

7. If that works, then you are up and running, but without a firewall!
Next step is to write a firewall. When you get to here and it's working
OK, post back (or even if it's not working OK), and we'll go through a
straightforward firewall script.

Kind Regards
Crispin Wellington
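
Added example, not part of the original message: a check for the state the gateway is in after steps 3 and 5, confirming the MASQUERADE rule on the outbound interface and flagging filter chains left at policy ACCEPT with no rules (the "without a firewall" condition in step 7). The function name audit_ruleset and the SAMPLE ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of iptables-save output for the state after steps 3 and 5
# (illustrative only, not captured from a real host).
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# audit_ruleset WAN_IFACE  (hypothetical helper name)
# Reads iptables-save text on stdin and prints one finding per line.
audit_ruleset() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2); next }                  # table header, e.g. *nat
        /^:/  { policy[table "/" substr($1, 2)] = $2; next }   # chain and its policy
        /^-A / {
            rules[table "/" $2]++
            o = j = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o" && $(i + 1) == wan) o = 1
                if ($i == "-j" && $(i + 1) == "MASQUERADE") j = 1
            }
            if (table == "nat" && $2 == "POSTROUTING" && o && j) masq = 1
        }
        END {
            status = masq ? "OK" : "MISSING"
            print status " masquerade on " wan
            # Inbound and forwarded traffic is unfiltered when the policy is
            # ACCEPT and the chain holds no rules at all.
            n = split("INPUT FORWARD", c, " ")
            for (i = 1; i <= n; i++) {
                k = "filter/" c[i]
                if (policy[k] == "ACCEPT" && rules[k] == 0)
                    print "OPEN " k " (policy ACCEPT, no rules)"
            }
        }'
}

# Live use on the gateway, as root:  iptables-save | audit_ruleset ppp0
```

Any OPEN line means the chain accepts everything, which is expected right after step 5 and should disappear once the firewall script is in place.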

