Re: Routing recommendations for sharing VPN connection between VBox guest and host

Linux Advanced Routing and Traffic Control


Hi, Scott... Thanks for the quick reply.

On 08/29/13 08:13 pm, Scott Edwards thus wrote :
> You can enable forwarding via echo 1 > /proc/sys/net/ipv4/ip_forward
> (or something like that, I'm a road warrior right now, no linux box in
> sight)
>
Indeed, this is how I did it, as well as:

echo 1 > /proc/sys/net/ipv4/ppp0/ip_forward

(and ensuring the ipv4/eth0/ip_forward was present)
> As for masquerading, that may be necessary, as Cisco is more strict on
> the IPsec VPN tunnel. The ACL that directs traffic to the VPN is also
> responsible for dropping traffic that does not match.  The only way to
> be rather flexible with that, is to do IPsec over GRE, but this
> clashes with your design needs on a few different angles.
>
Yes.
> If the Linux host has success communicating to the IPsec peer, then it
> should be able to say,
> iptables -A OUTPUT -o ppp0 -j MASQUERADE
>
I think this is where I fell short somehow. I believe I entered this as
a POSTROUTING rule; perhaps that was my error vs OUTPUT (see
http://www.tldp.org/HOWTO/html_single/Masquerading-Simple-HOWTO/ per the
dial-up connection summary). I did not NAT it, however (as mentioned in
the example). Hmmm...
> I would also check "iptables-save -c" for hit counts, and forwarding,
> and other policy.
>
Good tip; thanks! It surely helps to be able to *see* what's going on
(especially when things don't work as expected!).
> HTH,
>
Indeed. Thanks again for the quick follow-up. I'll give some of this a
test tomorrow and see how I make out.

Cheers

-- 
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, RTRP, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
Need a managed Wi-Fi hotspot?                www.hautspot.com
Warpstock 2013 - Atlanta, GA - Oct 4-6      www.warpstock.org
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------
