On Fri, 20 Aug 1999, Jerry Feldman wrote:

> Derek Martin wrote:
>
> > 3.1 Rusty's Three-Line Guide To Masquerading
> >
> > This assumes that your external interface is called `ppp0'. Use ifconfig
> > to find out, and adjust to taste.
> >
> > # ipchains -P forward DENY
> > # ipchains -A forward -i ppp0 -j MASQ
> > # echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Actually, SuSE sets this up through YaST. There are some variables that one
> needs to set in rc.config. In Tony's case, he has M1X, so he has 2 ethernet
> cards. I'll send my SuSE config when I get home.

I have no idea what M1X is, but the same principle applies. I have MediaOne cable modem connected to my eth1 interface and my LAN is on my eth0, so I would substitute eth1 (Forward chain rules use the destination interface, not the source interface) for ppp0... except that I'm doing a whole lot more filtering than that. I also use a rule to deny stuff instead of setting the policy, because it seems you can't log packets that are denied by the policy. So, briefly, I would do:

    ipchains -A forward -i eth1 -p all -j MASQ
    ipchains -lA forward -p all -j DENY

The -p all is optional, and indicates all protocols (TCP, UDP, ICMP). The -l logs the matching packets to syslog. THIS CAN GET MESSY! It's probably not too bad here though.

I actually prefer to use source addresses, since I find it less ambiguous. For example, if you are using private address space of 192.168.1.X for your LAN, the command would look like this:

    ipchains -A forward -s 192.168.1.0/24 -p all -j MASQ

Derek D. Martin | UNIX System Administrator
derek at netria.com | dmartin at lancity.com

-
Subscription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
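Added example, not part of the original message: a shell helper that condenses the syslog entries written by the -l DENY rule above into per-source counts, so a noisy log stays reviewable. The "Packet log:" line layout is assumed to match the one documented in the IPCHAINS-HOWTO; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarize packets logged by a rule such as
#   ipchains -lA forward -p all -j DENY
# Assumed log layout (per the IPCHAINS-HOWTO):
#   Packet log: CHAIN TARGET IFACE PROTO=n SRC:SPORT DST:DPORT L=.. S=.. I=.. F=.. T=..

# Reads syslog lines on stdin and prints "count proto source" for every
# forward/DENY entry, busiest source first.
summarize_forward_denies() {
    awk '
    {
        # Find the "Packet log:" marker; syslog prefixes vary in field count.
        for (i = 1; i < NF; i++)
            if ($i == "Packet" && $(i + 1) == "log:") break
        if (i >= NF) next              # not an ipchains log line
        if (i + 6 > NF) next           # truncated entry, skip it
        if ($(i + 2) != "forward" || $(i + 3) != "DENY") next
        proto = $(i + 5); sub(/^PROTO=/, "", proto)
        src = $(i + 6);   sub(/:[0-9]+$/, "", src)   # drop port / ICMP type
        if (proto == "6") name = "tcp"
        else if (proto == "17") name = "udp"
        else if (proto == "1") name = "icmp"
        else name = "proto" proto
        count[name " " src]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,3
}

# Constructed sample input (not real traffic): three forward denies, one
# input-chain entry, one unrelated line, and one truncated entry.
sample_log() {
    cat <<'EOF'
Aug 20 10:01:02 gw kernel: Packet log: forward DENY eth0 PROTO=6 203.0.113.7:4021 192.168.1.10:23 L=60 S=0x00 I=101 F=0x4000 T=63
Aug 20 10:01:03 gw kernel: Packet log: forward DENY eth0 PROTO=6 203.0.113.7:4022 192.168.1.10:25 L=60 S=0x00 I=102 F=0x4000 T=63
Aug 20 10:01:05 gw kernel: Packet log: forward DENY eth0 PROTO=17 198.51.100.9:53 192.168.1.11:1025 L=34 S=0x00 I=18 F=0x0000 T=254
Aug 20 10:01:06 gw kernel: Packet log: input DENY eth1 PROTO=1 203.0.113.7:8 192.168.1.1:0 L=84 S=0x00 I=103 F=0x0000 T=63
Aug 20 10:01:07 gw pppd[211]: Connect: ppp0 <--> /dev/ttyS1
Aug 20 10:01:08 gw kernel: Packet log: forward DENY
EOF
}

# Stand-alone demo; on a live box feed it the syslog file instead.
sample_log | summarize_forward_denies
```
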