On Sun, 13 Oct 2002 10:16:04 +0200 (CEST), Jean Francois Ortolo wrote: > > > I presume my script should contain these few instructions: > > > > > > --- Beggining of the script > > > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE > > > iptables -A FORWARD -i eth1 -j ACCEPT > > > > > > echo 1 > /proc/sys/net/ipv4/ip_forward > > > route add -net 192.168.1.0 netmask 255.255.255.0 / > > > gw ${IPADDR} dev eth1 > > > --- End of the script > > > > The last line could be either a static route or a dynamic route > > created on-the-fly by pppd. Not sure why you enter it manually. > > > > Thank you very much Sir > > I don't know what should be done to set up the dynamic route between > > eth0 and eth1, in the case of an ADSL connection. > Would you say me how to do this ? What type of ADSL connection is it? What do you mean with "route between eth0 and eth1"? The route between eth0 and eth1, so traffic from the LAN would find its way into the Internet and vice versa, would be the "default route" from your router via PPP/ADSL to the Internet. Usually, pppd would create the default route (into Internet). And on your client hosts in the LAN you would only need a default route to your gateway (the router): ip route add default via ${YOUR_SERVER_IP} or route add default gw ${YOUR_SERVER_IP} If $IPADDR in your example is the external IP address of your gateway (probably a dynamically assigned IP addr), I don't see how above route makes sense. It says that hosts on the network 192.168.1.0/24 are reachable via gateway host $IPADDR on eth1. But the gateway host is localhost, the router with both eth0 and eth1. And you should have a route to 192.168.1.0/24 via eth1 without setting it up manually (run "route" or "ip r s" to see). > Indeed, IP Masquerading is able to take into account all that is > required, in order to make an existing connection coming along, if > this connection was being requested from inside the lan to the > external network. > > However, what happens if the current involved protocol launchs a > request to, let's suppose 113 auth port inside the lan ? It would not be masqueraded because in the postrouting chaing you do only masquerade packets which go out eth0. > There should be then a new connection coming from the outside > network to > the external address of the lan, with a destination port 113, no ? Why "outside network"? It's a connection on the internal interface with a local IP address. > The whole problem is whether or not this kind of authentification, > would > involve specifically a new incoming connection. Is it true ? Not sure whether I understand you. A connection from the LAN to port 113 of your gateway host comes in with a local IP address via the internal interface (eth1) and the input chain. A connection from the Internet to port 113 of your gateway host comes in with a non-local IP addr via the external interface (ppp => eth0) and the input chain and the external IP of as destination address.
Attachment:
pgp00142.pgp
Description: PGP signature