
Re: modem / pon / serial problems



Pigeon wrote:
 >
 > On the modem box I do
 > echo 1 > /proc/sys/net/ipv4/ip_forward
 > ipchains -A forward -s 192.168.1.1/32 -d 0.0.0.0/0 -j ACCEPT -b
 > ipchains -P forward ACCEPT
 > pon ukonline
 > ping 195.40.1.36 (this is a ukonline DNS server)
 > ... and it works.
 >
 > I go back to the main box and try and ping the same address, and
 > nothing happens.
 >

I'm no expert on ipchains (I've only used iptables), but don't you need
to do something for IP Masquerading?  In other words, how would the
modem box know how to send the response to the ping back to the "rear"
box?  Someone please correct me if I'm wrong.

I've appended the script I used for doing this sort of thing using
iptables.  Note the lines involving 'nat'.

It's a shame doing this sort of thing is a bit of a black art (best I
can recall I cobbled this together using someone else's script on the
'Net), but you're getting a router for free, so you can't complain too
much!  :-)

#!/bin/sh
#
# ip-up script for IP Masquerading
# Created 10/06/2002 by KGM

# # These variables are for the use of the scripts run by run-parts
PPP_IFACE="$1"
# PPP_TTY="$2"
# PPP_SPEED="$3"
# PPP_LOCAL="$4"
# PPP_REMOTE="$5"
# PPP_IPPARAM="$6"
# Initialization
iptables -F; iptables -t mangle -F
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
# Allow only existing and related connections in
iptables -A FORWARD -i "$PPP_IFACE" -o eth0 -m state \
    --state ESTABLISHED,RELATED -j ACCEPT
# Allow all connections out
iptables -A FORWARD -i eth0 -o "$PPP_IFACE" -j ACCEPT
# Log whatever is left before the DROP policy discards it
iptables -A FORWARD -j LOG
# Masquerade!
iptables -t nat -A POSTROUTING -o "$PPP_IFACE" -j MASQUERADE
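
Added example, not part of the original message or its author's script: a shell check that reads iptables-save output and reports which of the three pieces the script above sets up (outbound FORWARD, return FORWARD for established traffic, nat MASQUERADE) is missing. The function name audit_masq, the interface names ppp0/eth0 and both sample rulesets are constructed for illustration.

```shell
# Added example: audit iptables-save text for the rules masquerading needs.
# It checks that the rules are present, not the order they are evaluated in.
audit_masq() {
    # $1 = iptables-save text, $2 = outbound (PPP) interface, $3 = LAN interface
    printf '%s\n' "$1" | awk -v wan="$2" -v lan="$3" '
        function has(s) { return index(" " $0 " ", " " s " ") > 0 }
        /^\*/ { table = substr($0, 2); next }
        # A FORWARD policy of ACCEPT passes packets in both directions.
        table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" { out = 1; back = 1 }
        table == "filter" && $2 == "FORWARD" && has("-j ACCEPT") {
            if (has("-i " lan) && has("-o " wan)) out = 1
            if (has("-i " wan) && has("-o " lan) &&
                $0 ~ /ESTABLISHED,RELATED|RELATED,ESTABLISHED/) back = 1
        }
        # Source NAT is what lets replies be routed back to the LAN host.
        table == "nat" && $2 == "POSTROUTING" && has("-o " wan) &&
            has("-j MASQUERADE") { masq = 1 }
        END {
            if (!out)  print "missing: FORWARD " lan " -> " wan " ACCEPT"
            if (!back) print "missing: FORWARD " wan " -> " lan " ESTABLISHED,RELATED"
            if (!masq) print "missing: nat POSTROUTING -o " wan " MASQUERADE"
            if (out && back && masq) print "ok"
        }'
}

# Constructed sample, modelled on the ip-up script above with ppp0 and eth0.
WITH_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -j LOG
COMMIT'

# Constructed sample: forwarding allowed by policy, but no nat rule at all.
FORWARD_ONLY='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

audit_masq "$WITH_NAT" ppp0 eth0
audit_masq "$FORWARD_ONLY" ppp0 eth0
```

On a live router the first argument would be the output of iptables-save, run as root.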





