-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Phil <1918 at 1918.com> writes:

> Thanks for the tip Kyle. I don't exactly grasp the syntax of some of ipchains.
> All I really want to do is allow private network clients (192.168.1.*) to
> connect through the gateway (192.168.1.100) to the ppp0 connection which
> assigns a dynamic IP address. At this point I have no security concerns, once
> the connection and masquerading is up, I'll configure a firewall.
>
> Would these be enough to accomplish this???:
>
> ipchains -P forward DENY
> # default - deny everything
> ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
> # add - forward masqueraded packets into the local network
> ipchains -A input -j ACCEPT -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0
> # add - accept packets from the ethernet card

The last one should not be necessary -- you already accept packets from
the ethernet card, by default.

The second rule should also be either "-s 192.168.1.0/24" or
"-s 192.168.0.0/16", since your local subnet is 192.168.1.x, not
192.168.0.x.

Otherwise good. However, your interpretation of the second rule is not
really right: you should think of it like this:

- -A forward            "Add a rule to the forward chain..."
- -s 192.168.1.0/24     "...that, for packets from the 192.168.1.x subnet..."
- -d 0.0.0.0/0          "...going to any destination..."
- -j MASQ               "...causes them to be masqueraded."

This is why I generally put the -j MASQ at the end of the line: it's the
conclusion reached when the antecedents are matched.

Kyle

- - --
Kyle R. Rose                      "They can try to bind our arms,
Laboratory for Computer Science    But they cannot chain our minds
MIT NE43-309, 617-253-5883         or hearts..."
http://web.mit.edu/krr/www/                      Stratovarius
krose at theory.lcs.mit.edu                      Forever Free

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE3e5wE66jzSko6g9wRAkZtAKCIm5xEUs75dHZhQL7Gs5QbXYcq7gCg2laY
i28Ke/9elsGGa77vlDAKqwQ=
=5p7T
-----END PGP SIGNATURE-----
-
Subscription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
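The effect of the source-subnet correction discussed in the message above, as an added example that is not part of the original post: a small Python model of first-match rule evaluation with a default chain policy. It handles only the -s, -d and -j options, and the client and destination addresses are constructed for illustration.

```python
import ipaddress
import shlex

def parse_rule(line):
    """Parse one 'ipchains -A <chain> ...' line; every option is assumed to take one value."""
    tok = shlex.split(line, comments=True)  # drops trailing '# ...' comments
    if tok[:2] != ["ipchains", "-A"]:
        raise ValueError("only 'ipchains -A' rules are modelled")
    rule = {"chain": tok[2], "-s": "0.0.0.0/0", "-d": "0.0.0.0/0", "-j": None}
    for flag, value in zip(tok[3::2], tok[4::2]):
        rule[flag] = value
    return rule

def verdict(rules, policy, chain, src, dst):
    """The first rule whose -s and -d both match decides; otherwise the policy applies."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["chain"] == chain
                and src in ipaddress.ip_network(r["-s"])
                and dst in ipaddress.ip_network(r["-d"])):
            return r["-j"]
    return policy

POLICY = "DENY"  # from: ipchains -P forward DENY
ORIGINAL = ["ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0"]
FIX_24 = ["ipchains -A forward -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQ"]
FIX_16 = ["ipchains -A forward -s 192.168.0.0/16 -d 0.0.0.0/0 -j MASQ"]

def forward_verdict(lines, src, dst="203.0.113.10"):  # dst is a constructed address
    return verdict([parse_rule(l) for l in lines], POLICY, "forward", src, dst)

if __name__ == "__main__":
    # 192.168.1.5 is a constructed LAN client; 192.168.7.9 is a constructed
    # address outside the LAN that only the wider /16 rule would masquerade.
    for name, rules in [("original", ORIGINAL), ("/24 fix", FIX_24), ("/16 fix", FIX_16)]:
        for src in ("192.168.1.5", "192.168.7.9"):
            print(f"{name:9} {src:12} -> {forward_verdict(rules, src)}")
```

Both corrected rules masquerade the 192.168.1.x clients, but the /16 form also matches every other 192.168.x.x source, so the /24 form is the narrower choice when only that one subnet sits behind the gateway.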