[3558] in linux-net channel archive


Re: PPP and two boxes???

daemon@ATHENA.MIT.EDU (Philippe Strauss)
Mon Jul 1 12:47:27 1996

Date: 	Mon, 01 Jul 1996 17:21:53 +0200
From: Philippe Strauss <philippe.strauss@urbanet.ch>
To: "Hubert A. Bahr" <hab@ece.engr.ucf.edu>
CC: linux-net@vger.rutgers.edu, linux-ppp@vger.rutgers.edu

Hubert A. Bahr wrote:

>         I just came to the conclusion that Firewall / masquerading was the
> correct way to do this.  Unfortunately, I am still struggling with the docs
> and trial and error to get it set up.  Does anyone have this setup with
> a dynamic assigned IP assignment for the internet connection with ethernet
> for the private network?  A set of samples may wash the mud off my glasses.
> 
>                                 Thanks
>                                 Hubert

I'm a lucky guy with a *fixed* IP over a HF modem on Cable TV. My local
network is my father's PC with IP 192.168.2.2. My own PC is the gateway between
local network 192.168.2.0 and the INet provider network, each on a separate NIC.
I use masquerading to connect my father's PC to the INet despite the fact that
only one IP has been given by the provider. In my rc.inet1 I've put:

NETMASK="255.255.255.224"
BROADCAST="194.235.55.127"

echo "Attaching eth0"
/sbin/ifconfig eth0 urbaphilou netmask ${NETMASK} broadcast ${BROADCAST}
echo "Adding route for internet"
/sbin/route add urbanet netmask ${NETMASK}
echo "Adding route to default gateway"
/sbin/route add default gw gateway metric 1

echo "Attaching eth1"
/sbin/ifconfig eth1 localphilou
echo "Adding route for localnet"
/sbin/route add localnet

echo "Fireing up some firewall rules (masquerading)"
/sbin/ipfwadm -F -a accept -S localnet/24 -D 0.0.0.0/0 -m &

(eth0 is connected to the HF modem, eth1 to the local network)
The command ipfwadm comes from ipfwadm-2.1. You must enable IP forwarding to do
masquerading, since firewalling is now done at the network layer level.
Forwarding was not allowed with firewalling software like socks or TIS, which
is out of scope for your problem.

The & at the end of ipfwadm is because of a problem that I'm still unable to
solve.
When my hardware is cold (maybe the HF modem), I must wait approx. 3 minutes
before being able to use the Internet. You probably don't need it.

I hope it may help you even if I'm unable to give you any info on that with
dynamic IP.
-- 
Philippe Strauss, CH-1092 Belmont
Private Email:	philippe.strauss@urbanet.ch

" Put your hand on a hot stove for a minute, and it seems like an hour.
  Sit with a pretty girl for an hour, and it seems like a minute.
  THAT's relativity. "	Albert Einstein.
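
An added example, not part of the original message: a dry-run helper that prints the forwarding rules from the message with the forward chain flushed and its policy set to deny first, so that only the private network is forwarded and masqueraded. The function names are hypothetical, 192.168.2.0/24 is the local network named in the message written numerically instead of as "localnet", and the -f and -p deny options are standard ipfwadm options that the original post does not use.

```shell
#!/bin/sh
# is_rfc1918 NET/PREFIX: succeed only when the block lies inside
# 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16.
is_rfc1918() {
    net=${1%/*}; prefix=${1#*/}
    [ "$net" != "$1" ] || return 1                 # no "/prefix" part
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$net" in *[!0-9.]*) return 1 ;; esac     # digits and dots only
    old_ifs=$IFS; IFS=.; set -- $net; IFS=$old_ifs # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    # Smallest prefix length that still stays inside each private range.
    case "$1.$2" in
        10.*)                            min=8 ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) min=12 ;;
        192.168)                         min=16 ;;
        *) return 1 ;;
    esac
    [ "$prefix" -ge "$min" ]
}

# masq_rules NET/PREFIX: print (do not run) the ipfwadm commands.
# Nothing is printed for a source range that is not private.
masq_rules() {
    if ! is_rfc1918 "$1"; then
        echo "refusing to masquerade non-private source: $1" >&2
        return 1
    fi
    echo "/sbin/ipfwadm -F -f"        # flush old forwarding rules
    echo "/sbin/ipfwadm -F -p deny"   # forward nothing by default
    echo "/sbin/ipfwadm -F -a accept -S $1 -D 0.0.0.0/0 -m"
}

# Local network from the message, given numerically (assumption).
masq_rules 192.168.2.0/24
```

Review the printed commands before putting them in rc.inet1; with the policy set to deny, packets from any source other than the listed private network are not forwarded.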

