Re: yet/last problem with masquerading

On Sun, 13 Oct 2002 10:16:04 +0200 (CEST), Jean Francois Ortolo wrote:

> > >   I presume my script should contain these few instructions:
> > > 
> > >   --- Beginning of the script
> > >   iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > >   iptables -A FORWARD -i eth1 -j ACCEPT
> > > 
> > >   echo 1 > /proc/sys/net/ipv4/ip_forward
> > >   route add -net 192.168.1.0 netmask 255.255.255.0 \
> > >                              gw ${IPADDR} dev eth1 
> > >   --- End of the script
> > 
> > The last line could be either a static route or a dynamic route
> > created on-the-fly by pppd. Not sure why you enter it manually.
> > 
> 
>   Thank you very much Sir
> 
>   I don't know what should be done to set up the dynamic route between
> eth0 and eth1, in the case of an ADSL connection.
>   Would you tell me how to do this?

What type of ADSL connection is it? 

What do you mean with "route between eth0 and eth1"? The route
between eth0 and eth1, so traffic from the LAN would find its way
into the Internet and vice versa, would be the "default route" from
your router via PPP/ADSL to the Internet. Usually, pppd would create
the default route (into Internet). And on your client hosts in the
LAN you would only need a default route to your gateway (the
router):

  ip route add default via ${YOUR_SERVER_IP}
or
  route add default gw ${YOUR_SERVER_IP}

If $IPADDR in your example is the external IP address of your
gateway (probably a dynamically assigned IP addr), I don't see how
the above route makes sense. It says that hosts on the network
192.168.1.0/24 are reachable via gateway host $IPADDR on eth1. But
the gateway host is localhost, the router with both eth0 and eth1.
And you should have a route to 192.168.1.0/24 via eth1 without
setting it up manually (run "route" or "ip r s" to see).

>   Indeed, IP Masquerading is able to take into account all that is
> required, in order to make an existing connection come along, if
> this connection was being requested from inside the LAN to the
> external network.
> 
>   However, what happens if the currently involved protocol launches a
> request to, let's suppose, the 113 auth port inside the LAN?

It would not be masqueraded because in the postrouting chain you only
masquerade packets which go out eth0.

>   There should then be a new connection coming from the outside
> network to the external address of the LAN, with destination port
> 113, no?

Why "outside network"? It's a connection on the internal interface
with a local IP address.

>   The whole problem is whether or not this kind of authentication
> would involve specifically a new incoming connection. Is it true?

Not sure whether I understand you. A connection from the LAN to port
113 of your gateway host comes in with a local IP address via the
internal interface (eth1) and the input chain. A connection from the
Internet to port 113 of your gateway host comes in with a non-local
IP addr via the external interface (ppp => eth0) and the input chain,
with the external IP as destination address.
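As an added example (not written by either participant in this thread), here is the masquerading script from the quoted message reworked the way the reply suggests: the POSTROUTING rule masquerades only what leaves the external interface, the LAN route is left to the kernel, and the default route is left to pppd. It goes one step further than the thread by giving the FORWARD chain a DROP policy, so only LAN-originated connections and their replies cross the gateway, and by answering Internet-side ident (port 113) requests on the INPUT chain with a reset, which is where the reply says they arrive. The interface names, the LAN prefix and the APPLY switch are assumptions for illustration; without APPLY=1 the commands are only printed so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example, not the script from the original post. EXT_IF, INT_IF,
# LAN_NET and APPLY are assumed names for illustration.
# APPLY=1 executes the iptables/sysctl commands (needs root); otherwise
# they are printed, which lets the ruleset be reviewed first.

EXT_IF="${EXT_IF:-ppp0}"            # external interface (ppp0 on a PPP ADSL link)
INT_IF="${INT_IF:-eth1}"            # internal (LAN) interface
LAN_NET="${LAN_NET:-192.168.1.0/24}" # constructed LAN prefix
APPLY="${APPLY:-0}"

# Execute a command, or print it when only reviewing.
run() {
    if [ "$APPLY" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

setup_nat() {
    # Masquerade only traffic that leaves through the external interface.
    # Connections between the LAN and the gateway itself (for example to
    # port 113 on the gateway) never match this rule and keep their local
    # addresses; they arrive on the INPUT chain via INT_IF.
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE

    # Forward nothing by default ...
    run iptables -P FORWARD DROP
    # ... except new connections from the LAN prefix towards the Internet
    # and the replies (and related connections) they generate.
    run iptables -A FORWARD -i "$INT_IF" -s "$LAN_NET" -o "$EXT_IF" -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Ident requests from the Internet hit the INPUT chain on the external
    # address; a reset answers them immediately instead of letting the
    # remote server wait for a timeout.
    run iptables -A INPUT -i "$EXT_IF" -p tcp --dport 113 \
        -j REJECT --reject-with tcp-reset

    # Enable forwarding only after the filter rules are in place.
    run sysctl -w net.ipv4.ip_forward=1
}

# No "route add" for the LAN prefix: the connected route for LAN_NET is
# created when INT_IF is configured, and pppd installs the default route
# when the PPP link comes up. Check with "ip route show" afterwards.

setup_nat
```

Run `sh nat.sh` to see the rules that would be installed, then `APPLY=1 sh nat.sh` as root to apply them; `ip r s` afterwards should show the 192.168.1.0/24 route on eth1 and, once the link is up, a default route via the PPP interface, neither of them added by hand.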
