From: Curtis Vaughan <curtis@npc-usa.com>
Date: Wed Jul 24, 2002 09:49:19 US/Pacific
To: Johan Ehnberg <johan@ehnberg.net>, debian-user@lists.debian.org
Subject: Re: Iptables, FreeSwan
On Wednesday, July 24, 2002, at 06:09 , Johan Ehnberg wrote:
> I'm not exactly an expert in this area, but here are a few pointers:
> Someone please correct me if I'm talking bullshit here.
>
> > iface ppp0:0 inet static
> >     address 128.12.13.138
> >     broadcast 128.12.13.255
> >     netmask 255.255.255.254
> >     network 128.12.13.0
>
> In a network, the first address is called "network" and the last
> "broadcast". These should not be used by your local computers. The
> difference between a configuration's network (128.12.13.0) and
> broadcast (128.12.13.255) should always be the same as the last bit of
> the netmask.
>
> > The block of public IPs is 128.12.13.137 - 141
> > (I think there are some errors here, for example broadcast, netmask
> > and network)
>
> This is 5 addresses; you probably have an 8 address block (netw.,
> broad. and gatew. reserved). Thus, you have a "/29" address space (29
> bits of 32 given, 3 bits (2^3 = 8 combinations = addresses) for you).
> Therefore, the netmask should be 255.255.255.248 (the last can be
> counted as 256 - number of addresses; 256 - 8 = 248). If I remember it right,
> you can choose between giving the network and broadcast, or netmask
> only, as the netmask itself tells what the default network and
> broadcast addresses are.
Actually I have a 7 block, but the first and last are unusable. i.e.,
128.12.13.137 and .142.
> > What happened when I brought ppp0:0 up was that it showed that
> > correct IP, but P-t-P was also 128.12.13.138. Netmask was, of course,
> > 255.255.255.254.
> > So, how should I do this correctly?
> >
> > The next question relates to iptables, I believe.
> > Basically, as I said earlier I will be doing NAT or port forwarding.
> > So, say someone comes in at 128.12.13.138:81
> > That then gets forwarded to 10.0.1.1:81
> > Or, say someone comes in at 128.12.13.139:3264
> > That gets forwarded to 10.0.1.3:3264
>
> Check out:
> http://netfilter.samba.org/documentation/HOWTO//NAT-HOWTO.html
>
> > Regardless, am I doing the right procedure for picking up the other IP
> > addresses?
> > Obviously not since it's not working.
> > Somebody, help!
> > Correct me if I'm wrong but this information all goes into my
> > iptables, right?
>
> Right. But make sure IP forwarding is on.
> cat /proc/sys/net/ipv4/ip_forward
> should be 1, at least on my MASQ box; this can be set at bootup.
>
> > And someone please tell me that this is all possible with a single
> > server acting as the router?
>
> Yes. The power of Linux :). I'm running a Linux box with file,
> routing, firewall etc. etc. on it.
>
> Hope this helps.
Curtis
> --
> Johan Ehnberg
> johan@ehnberg.net
> "Windows? No... I don't think so."
-- To UNSUBSCRIBE, email to debian-user-request@lists.debian.org with
a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
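Johan's netmask arithmetic and the ppp0:0 stanza quoted in the thread, checked with Python's standard ipaddress module. This is an added example, not code from either poster; the stanza dictionary is constructed from the configuration quoted above, and the corrected /29 values are derived from it.

```python
"""Added example (not from the original thread): check an interfaces stanza
the way Johan derives it, using Python's standard ipaddress module."""
import ipaddress

# Constructed from the ppp0:0 stanza quoted in the thread.
STANZA_IN_THREAD = {
    "address": "128.12.13.138",
    "netmask": "255.255.255.254",
    "network": "128.12.13.0",
    "broadcast": "128.12.13.255",
}


def netmask_for_block(n_addresses: int) -> str:
    """Netmask for a block of n_addresses (a power of two): 8 -> /29 -> 255.255.255.248."""
    if n_addresses < 1 or n_addresses & (n_addresses - 1):
        raise ValueError("block size must be a power of two")
    prefix = 32 - (n_addresses.bit_length() - 1)  # 8 addresses -> 3 host bits -> /29
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)


def check_stanza(stanza: dict) -> dict:
    """Derive network/broadcast/usable range from address + netmask and list
    the configured keys that disagree with what the netmask implies."""
    iface = ipaddress.IPv4Interface(f"{stanza['address']}/{stanza['netmask']}")
    net = iface.network
    hosts = list(net.hosts())
    derived = {
        "prefix": net.prefixlen,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable": (str(hosts[0]), str(hosts[-1])) if hosts else None,
    }
    problems = [k for k in ("network", "broadcast")
                if k in stanza and stanza[k] != derived[k]]
    # The interface address itself must not be the network or broadcast address.
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("address")
    return {**derived, "problems": problems}


if __name__ == "__main__":
    print("as posted:", check_stanza(STANZA_IN_THREAD))
    fixed = dict(STANZA_IN_THREAD, netmask=netmask_for_block(8))
    derived = check_stanza(fixed)
    fixed["network"], fixed["broadcast"] = derived["network"], derived["broadcast"]
    print("with /29:", check_stanza(fixed))
```

With the posted 255.255.255.254 mask the address itself is the network address of a two-address /31, which is why the interface came up looking wrong; with the /29 mask the usable range is 128.12.13.137 to 128.12.13.142.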