
Re: Modem Gateway



On Thu, 2002-07-18 at 08:47, dan.hunt@st.brieux.com wrote:

--snip

> > This is what I would do, but may not be the most debianised options.
> > 
> > 1. Get rid of ipmasq completely. netfilter rocks so much, you don't need
> > it. apt-get remove ipmasq
> > 
> > 2. If you're not going to use demand dialing (you are going to pon and
> > poff) then remove diald. apt-get remove diald
> > 
> > 3. Clear out your iptables firewall completely. the quickest way is
> > 
> > for CHAIN in INPUT OUTPUT FORWARD; do iptables -P $CHAIN ACCEPT; iptables -F $CHAIN; done
> > for CHAIN in PREROUTING POSTROUTING; do iptables -t nat -P $CHAIN ACCEPT; iptables -t nat -F $CHAIN; done
> > 
> > 4. Get the local network working, and the ppp link up. Make sure you can
> > access the net *from the gateway machine*. The other one won't be able to
> > access the net here. Make sure each internal machine can ping the other.
> > 
> > When that's done and the network is working apart from the masquerading.
> > 
> > 5. Add a masquerade rule to your POSTROUTING chain on the gateway
> > 
> > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> > 
> > 6. Now test that the internal machine can ping the net. Make sure it has
> > its default gateway set to the internal IP of the gateway machine.
> > 
> > (on internal machine)
> > route add default gw 192.168.0.1
> > 
> > 7. If that works, then you are up and running, but without a firewall!
> > Next step is to write a firewall. When you get to here and it's working
> > OK, post back (or even if it's not working OK), and we'll go through a
> > straightforward firewall script.
> > 
> > Kind Regards
> > Crispin Wellington
> 
> I am afraid I did not understand item # 3 above. 
> What do I do with this script, or how do I run it?
> 
> Does the ";" indicate a carriage return or does this all go on one line?

All on one line is what I intended.

Or you can press return where the semicolons appear instead. Same thing.

It just sets the (P)olicy of each chain to ACCEPT and (F)lushes each
chain in the kernel. (Gives you a blank slate).

Kind Regards
Crispin Wellington
http://www.aeonline.net/crispin/
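
A check for the state step 7 describes (masquerading up, no firewall yet), as an added example that is not part of the original post: it parses `iptables-save` output and reports whether the MASQUERADE rule from step 5 is present and which filter chains still accept everything. The function names `audit_gateway` and `sample_after_step5` are made up here, and the embedded dump is constructed.

```shell
# Added example, not from the thread. Reads `iptables-save` text on stdin.
# Real use, as root on the gateway:  iptables-save | audit_gateway ppp0
audit_gateway() {
    wan="${1:-ppp0}"    # outbound interface; ppp0 is the one named in the thread
    awk -v wan="$wan" '
        /^\*/ { table = substr($1, 2); next }                 # "*nat", "*filter"
        /^:/  { policy[table "/" substr($1, 2)] = $2; next }  # ":INPUT ACCEPT [0:0]"
        $1 == "-A" {
            rules[table "/" $2]++
            if (table != "nat" || $2 != "POSTROUTING") next
            out = ""; masq = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq && out == wan) found = 1
        }
        END {
            printf "%s masquerade on %s\n", (found ? "OK" : "MISSING"), wan
            n = split("INPUT FORWARD", c, " ")
            for (i = 1; i <= n; i++) {
                key = "filter/" c[i]
                # A chain absent from the dump: filter table not loaded, nothing filtered.
                if ((policy[key] == "" || policy[key] == "ACCEPT") && !rules[key])
                    print "OPEN " key " accepts everything"
            }
        }'
}

# Constructed sample: the state after steps 3 and 5 (blank slate + MASQUERADE).
sample_after_step5() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}
sample_after_step5 | audit_gateway ppp0
```

An `OPEN` line only means the chain has policy ACCEPT and no rules at all; it does not judge the quality of rules that are present.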


