Re: New modem and iptables...



2007/10/23, John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx>:
Antonio wrote:
2007/10/22, John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx>:
Antonio wrote:
2007/10/22, John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx>:
Antonio wrote:
2007/10/21, John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx>:
Antonio wrote:
I installed a new ADSL2+ modem that doesn't need pppoe any longer
because it starts the connection by itself

I expect your "modem" is actually a router, and that you can just turn
your Linux firewall off. The router performs firewall and NAT functions
that are perfectly adequate for most people.



--

Cheers
John



no... when I say modem, I mean modem, even if it can start the connection by itself...
What is funny is that it has a DHCP server even though it has just a
single Ethernet port :-)
I have a so-called modem, but it really is a router. Like yours, it has
a single ethernet port. Mine's an iconnect 622, and it does pppoe,
pppoa, dhcp, dns relay and some other stuff. However, I set it to
bridging mode and do the pppoe myself.

If you want to persuade me it's a modem, better name it;-)



And for english mother tongue folks....
http://www.dlink.co.uk/?go=jN7uAYLx/oIJaWVUDLYZU93ygJVYLelXSNvhLPG3yV3oVo5+h6ltbNlwaaRp7TosAmu5j3cf/YENBs7k2aXlLkcVsezb

No need, Seamonkey's translate button did better than I expected, and
from there I found English manuals.

It's time to define terms.
"modem" is a contraction of the English words "modulate" and
"demodulate." A modem's function is to translate digital signals from
the computer (originally an RS-242C serial port, but the definition got
bent a little with ADSL) to a form compatible with an analogue phone
line. Basically, electronic versions of sounds - ever listened to a
modem dialing?

ADSL modems have to do a little more, that's where the VPI and VCI stuff
come in.

Once it's doing authentication, despite what Dlink asserts, it's no
longer a modem, it's a router and _it_ has your public Internet address.
It also does NAT (otherwise you couldn't have a private IP address on
your peecees). Because it's doing NAT, nobody outside your LAN can
connect to your systems. For most users, that's a good thing.

If you want to run your own servers (say, for incoming email as I do),
then you must put it into bridged mode, and do the PPPoE stuff, firewall
and NAT in your PC.

A more capable router would be able to forward incoming connexions,
maybe to different machines: At work, I have incoming ssh directed
directly to my desktop where there are fewer users and I don't have to
worry about ignorant users having weak passwords.


Since this device really is a router and it's running its own DHCP
server, it's highly likely that all the computers


Your DSL-320T should be giving you a 192.168.1.x IP address, and your
default route should be via 192.168.1.1.


Just to be clear, I think you have this setup:
[inet](a)----(b)[DSL-320T](c)----(d)[linuxbox](e)---[switch]-[f][others]

If your device is functioning as a modem, there should be public IP
addresses at (a) and (d)

If as a router, then the public IP addresses will be at (a) and (b).

Note that (a) doesn't have to be a public IP address; some IAPs use
private ones there.

I presume you're either using DHCP on Linuxbox to hand out IP addresses,
or doing it manually. (e) and (f) would have private IP address - I see
you're using 192.168.0.x addresses.

It's a mystery to me why you'd have an IP address of 87.14.136.149.

Could you do this:

traceroute js.id.au
and post the results?

Unfortunately, I use shorewall firewall and my firewalls are a good deal
more complicated than you need, so I can't just post mine as an example.





--

Cheers
John


Please do not reply off-list

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list


traceroute js.id.au
traceroute to js.id.au (58.6.192.22), 30 hops max, 40 byte packets
 1 192.168.100.1 (192.168.100.1) 46.106 ms 49.939 ms 53.804 ms
 2 * host21-35-static.42-88-b.business.telecomitalia.it (88.42.35.21) 61.902 ms *
 3 r-mi224-vl19.opb.interbusiness.it (80.20.6.31) 69.686 ms 73.523 ms 77.453 ms
 4 crs-mi002-r-mi255.opb.interbusiness.it (151.99.99.161) 82.330 ms 86.228 ms 91.149 ms
 5 r-mi223-vl3.opb.interbusiness.it (151.99.75.149) 94.052 ms 98.191 ms 101.851 ms
 6 mil52-ibs-resid-3-it.mil.seabone.net (195.22.196.149) 106.975 ms 47.624 ms 51.540 ms
 7 pao1-chi1-racc1.pao.seabone.net (195.22.206.244) 228.412 ms 225.677 ms 229.537 ms
 8 g4-2-0.plapx-ar3.ix.singtel.com (198.32.176.188) 251.959 ms 251.667 ms 252.106 ms
 9 203.208.148.90 (203.208.148.90) 404.591 ms 414.906 ms 419.282 ms
10 * * *
11 * * *
12 59.154.58.6 (59.154.58.6) 444.200 ms 443.307 ms 435.046 ms
13 gi3-1-0.dsl-lns3.wa.westnet.com.au (202.72.130.158) 440.717 ms 451.093 ms 444.900 ms
14 dsl-58-6-192-22.wa.westnet.com.au (58.6.192.22) 461.703 ms 461.020 ms 453.018 ms

Now I am using PPPoE because I succeeded in changing the settings on the modem
(using M$ Explorer; I don't know why, but Save and Reboot doesn't work
in Firefox!!!).

Yes, my Linux box is a firewall and DHCP server for the network, even
though there is another router acting as a wireless access point giving
out IPs (another set, of course).
My iptables rules are:
# Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
#-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
# Forward HTTP connections to Squid proxy
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
COMMIT
# Completed on Fri Feb 21 09:27:33 2003
# Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
*mangle
:PREROUTING ACCEPT [9:432]
:INPUT ACCEPT [3:234]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:684]
:POSTROUTING ACCEPT [17:1292]
COMMIT
# Completed on Fri Feb 21 09:27:33 2003
# Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
COMMIT
# Completed on Fri Feb 21 09:27:33 2003

It is funny what happened, because I changed my old modem (which had
the standard settings from my ISP, using PPPoE) to an ADSL2+ modem (D-Link, I
mean) and I thought that unplugging the old one and plugging in the new
one should make the system work with no break, but that was not
true!!!.... I guess that many Windows users should also kill the
Internet connection they created and let the modem manage the connection!!!!
As usual, many useless pages in the manual, but no word about PPPoE,
bridging etc.....

Tnx for help

--
Antonio Montagnani
Skype : antoniomontag
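
Added example, not part of either poster's message: the rules above name ppp0, an interface that exists on the Linux box only while it runs PPPoE itself (modem in bridged mode). The Python sketch below parses the posted iptables-save text and lists rules that reference an interface the host does not have; the interface sets passed to audit() are constructed, and treating eth1 as the modem-facing port is an assumption taken from the commented-out rule.

```python
import shlex

# Copied from the thread's iptables-save output (empty mangle table and commented rule omitted).
RULESET = """\
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
COMMIT
"""

def parse_save(text):
    """Parse iptables-save text into {table: {"policy": {}, "rules": []}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):                      # table header
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":"):                    # chain and its default policy
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A "):                  # rule: map each option to its value
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            cur["rules"].append({"chain": tok[1], **opts})
    return tables

def audit(tables, live_ifaces):
    """List rules that name an interface missing from live_ifaces."""
    findings = []
    for tname, table in tables.items():
        for r in table["rules"]:
            for flag in ("-i", "-o"):
                ifc = r.get(flag)
                if ifc and ifc not in live_ifaces:
                    findings.append(f"{tname}/{r['chain']}: {flag} {ifc} absent, -j {r.get('-j')} never matches")
    return findings
print(audit(parse_save(RULESET), {"lo", "eth0", "eth1"}))  # constructed set: router mode, no ppp0
```

On a live Linux host the interface set can be read from os.listdir("/sys/class/net"). The parser ignores "!" negation and options without a value, which the posted rules do not use.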
