
Fwd: Iptables, FreeSwan



In relationship to the question and answers below, does anyone know whether maybe it's possible that upon picking up the first IP it also picks up the remaining? Currently, we have the following setup. A router picks up the first address of course, but I programmed it with NAT tables and it works. No where do I say that it has to pick up all the addresses. So, maybe I'm just complicating things. I merely need to pppoe into my isp and setup iptables for the addresses and ports as needed.

Curtis

Begin forwarded message:

From: Curtis  Vaughan <curtis@npc-usa.com>
Date: Wed Jul 24, 2002  09:49:19  US/Pacific
To: Johan Ehnberg <johan@ehnberg.net>, debian-user@lists.debian.org
Subject: Re: Iptables, FreeSwan


On Wednesday, July 24, 2002, at 06:09 , Johan Ehnberg wrote:

I'm not exactly an expert in this area, but here are a few pointers:
Someone please correct me if I'm talking bullshit here.


iface ppp0:0 inet static
        address 128.12.13.138
        broadcast 128.12.13.255
        netmask 255.255.255.254
        network 128.12.13.0

In a network, the first address is called "network" and the last "broadcast". These should not be used by your local computers. The difference between a configuration's network (128.12.13.0) and broadcast (128.12.13.255) should always be the same as the last bit of the netmask.

> The block of public IPs is 128.12.13.137 - 141
> (I think there are some errors here, for example broadcast, netmask and
> network)

This is 5 addresses; you probably have an 8 address block (netw. broad. and gatew. reserved). Thus, you have a "/29" address space (29 bits of 32 given, 3 bits (2^3=8 combinations=addresses) for you). Therefore, the netmask should be 255.255.255.248 (the last can be counted as 256-number of addresses; 256-8=248). If I remember it right, you can choose between giving the network and broadcast, or netmask only, as the netmask itself tells what the default network and broadcast addresses are.


Actually I have a 7 block, but the first and last are unusable. i.e., 128.12.13.137 and .142.



What happened when I brought ppp0:0 up was that it showed that correct IP, but P-t-P was also 128.12.13.138. Netmask was, of course, 255.255.255.254
So, how should I do this correctly?
The next question relates to iptables, I believe.
Basically, as I said earlier I will be doing NAT or port forwarding.
So, say someone comes in at 128.12.13.138:81
That then gets forwarded to 10.0.1.1:81
Or, say someone comes in at 128.12.13.139:3264
That get forwarded to 10.0.1.3:3264

Check out:
http://netfilter.samba.org/documentation/HOWTO//NAT-HOWTO.html


Regardless, am I doing the right procedure for picking up the other IP addresses?
Obviously not since it's not working.

Somebody, help!

Correct me if I'm wrong but this information all goes into my iptables, right?

Right. But make sure IP forwarding is on.

cat /proc/sys/net/ipv4/ip_forward
should be 1, at least on my MASQ box; this can be set at bootup.

And someone please tell me that this is all possible with a single server acting as the router?

Yes. The power of linux :). I'm running a linux box with file, routing, firewall etc. etc. on it.


Hope this helps.
Curtis



-- Johan Ehnberg
johan@ehnberg.net
"Windows? No... I don't think so."
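Added example (not part of the thread or of anyone's posted configuration): it recomputes the /29 parameters Johan describes, checks the ppp0:0 stanza Curtis posted for the inconsistencies Johan points out, and renders the two port-forwarding mappings from the thread as DNAT rules. It assumes the /29 holding 128.12.13.137-141 is 128.12.13.136/29; the rules are generated as strings only and must be reviewed before being loaded on a real router.

```python
import ipaddress

# Assumption: the 8-address block containing .137-.141 is 128.12.13.136/29.
BLOCK = ipaddress.ip_network("128.12.13.136/29")


def subnet_params(net):
    """Network, broadcast, netmask and usable host range for a block."""
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "first_usable": str(hosts[0]),
        "last_usable": str(hosts[-1]),
        "usable_count": len(hosts),  # before the ISP gateway is subtracted
    }


def check_stanza(address, netmask, network, broadcast):
    """Check an ifupdown-style static stanza; returns a list of problems."""
    problems = []
    net = ipaddress.ip_interface(f"{address}/{netmask}").network
    if str(net.network_address) != network:
        problems.append(f"network should be {net.network_address}, not {network}")
    if str(net.broadcast_address) != broadcast:
        problems.append(f"broadcast should be {net.broadcast_address}, not {broadcast}")
    if net.prefixlen >= 31:
        # A /31 or /32 mask explains why P-t-P showed the same address.
        problems.append(f"/{net.prefixlen} leaves no room for other hosts")
    return problems


def dnat_rules(mappings, iface="ppp0"):
    """Render iptables DNAT rules for {(public_ip, port): private_ip}."""
    return [
        f"iptables -t nat -A PREROUTING -i {iface} -p tcp -d {pub} --dport {port} "
        f"-j DNAT --to-destination {priv}:{port}"
        for (pub, port), priv in mappings.items()
    ]


if __name__ == "__main__":
    print(subnet_params(BLOCK))
    # The stanza exactly as posted in the thread.
    print(check_stanza("128.12.13.138", "255.255.255.254",
                       "128.12.13.0", "128.12.13.255"))
    print("\n".join(dnat_rules({("128.12.13.138", 81): "10.0.1.1",
                                ("128.12.13.139", 3264): "10.0.1.3"})))
```

Remember that DNAT only takes effect once /proc/sys/net/ipv4/ip_forward is 1, as noted above.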



-- To UNSUBSCRIBE, email to debian-user-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org








