Re: PPPD server routing problem? Mandrake/mgetty/pppd/D-link router
From: jack (not_at_all.org)
Date: 10/04/03
- Next message: jack: "Re: iptables - "invalid argument" error ?"
- Previous message: David Efflandt: "3Com nic sudden packet loss"
- In reply to: martin02: "Re: PPPD server routing problem? Mandrake/mgetty/pppd/D-link router"
- Next in thread: martin02: "Re: PPPD server routing problem? Mandrake/mgetty/pppd/D-link router"
- Reply: martin02: "Re: PPPD server routing problem? Mandrake/mgetty/pppd/D-link router"
Date: Sat, 04 Oct 2003 10:33:25 +0200
martin02 wrote:
OK, the changes You made seem to be correct so far. The trouble You
have now comes from Your routing and iptables setup:
> Changed this to 192.168.1.1:192.168.1.2
Good.
>>>PPPD - Setup "ip-up.local" file. Currently disabled because there is
>>>already a default route that keeps getting recreated to the D-Link
>>>gateway and the packets sent from ppp0 were getting re-routed backwards
>>>back into ppp0 where they came from.
>>> /sbin/route add default $1
>
> Not sure if I am adding a route to ppp0 correctly. Reactivated ip-up.local
> file and changed to the following:
>
> /sbin/route add -host 192.168.1.2 dev ppp0
> /sbin/route add -net 192.168.1.1**
> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
>
> ** Added the "net" entry because the route entry by itself didn't work. But
> this made no difference. Probably should delete the entry.
>
> The new route does show up in the "route -n" listing once the ppp0
> connection has been established.
>
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.1.2     0.0.0.0.        255.255.255.0   U     0      0        0 ppp0
> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
The first entry here should have a mask of 255.255.255.255, and thus
the flags should read "UH". But this doesn't really change the
functionality. Your routing table is correct and should work.
>>On the client that You dial-in from, set 192.168.1.1 (the remote server)
>>as default gateway.
>
>
> Not possible with the Win98 PPPD Client. PPPD needs to assign the default
> gateway to the Win98 client. Apparently, there is no way to do this from
> inside PPPD as best I can tell.
Normally, this should be just ok. I'm not too familiar with Win*, but if
it dials into something, the routing should be using the peer as a
gateway.
>>iptables -t nat -I POSTROUTING -s 192.168.1.2 -o eth0 -j MASQUERADE
>
> Installed iptables.
>
> Your suggested MASQ line above doesn't work by itself. Keeps getting
> "iptables:target error" even with or without the PPPD client up and
> running.
If You get that error, it might have the following reason: In Your
off-the-shelf kernel, normally the matches and targets for iptables
are compiled in properly. Sometimes, they are compiled as modules.
So if You "lsmod", You should see modules with names like "ip_tables*",
"ipt_*" and the like.
> Manually ran this sequence trying to get your line to be accepted:
> modprobe iptable_nat
> iptables -P INPUT ACCEPT
> iptables -F INPUT
> iptables -P OUTPUT ACCEPT
> iptables -F OUTPUT
> iptables -P FORWARD DROP
> iptables -F FORWARD
> iptables -t nat -F
> iptables -A FORWARD -i eth0 -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
> iptables -A FORWARD -j LOG
>
> Then tried different variations of SNAT/MASQUERADE, all result in some sort
> of iptables error message:
> iptables -t nat -I POSTROUTING -s 192.168.1.2 -o eth0 -j MASQUERADE
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT
> iptables -t nat -I POSTROUTING -s 192.168.1.2 -o eth0 -j MASQUERADE
As said, see whether these targets ("MASQUERADE", "SNAT") are available
in Your kernel.
> It won't take any variation of NAT entry for some reason. :(
>
> I would have thought that "iptables -L nat" would have generated something,
> but it doesn't like that command either.
You forgot the "-t" switch: "iptables -L -t nat" should do the trick,
again as long as the nat table is available.
> Maybe I need some POSTROUTING pre-configuration commands up at the beginning
> of setting up the initial iptables configuration. Something like:
> iptables -P POSTROUTING ACCEPT
> iptables -F POSTROUTING
>
> Just guessing here.
>
> ===============================
> Current output of "iptables -L"
> ===============================
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT all -- anywhere anywhere
> LOG all -- anywhere anywhere LOG level warning
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> I don't see a "Chain POSTROUTING" entry. Perhaps I didn't pre-configure it
> first. My guess is that I haven't successfully created a POSTROUTING chain
> yet.
Yes and no: "iptables -L" will list the filter table. To list the nat
table with its PREROUTING, POSTROUTING and OUTPUT chains, You need to
add "-t nat" to specify the table to be listed.
In /var/log/messages, You should see some sort of information like:
"iptables: No such table. - Do You need to insmod?"
This would tell You clearly that Your kernel isn't prepared to use
the nat table.
> ====================================
> Output of "ifconfig" with PPPD running
> ====================================
> eth0 Link encap:Ethernet HWaddr 00:E0:18:7E:71:55
> inet addr:192.168.0.133 Bcast:192.168.0.255 Mask:255.255.255.0
> UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:2866 errors:0 dropped:0 overruns:0 frame:0
> TX packets:3232 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:1967241 (1.8 Mb) TX bytes:394822 (385.5 Kb)
> Interrupt:12 Base address:0x4000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:118 errors:0 dropped:0 overruns:0 frame:0
> TX packets:118 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:7762 (7.5 Kb) TX bytes:7762 (7.5 Kb)
>
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:192.168.1.1 P-t-P:192.168.1.2 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:296 errors:1 dropped:0 overruns:0 frame:0
> TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:3
> RX bytes:29380 (28.6 Kb) TX bytes:10915 (10.6 Kb)
>
>
>>Where here, You can choose whether You match the source address
>>"-s 192.168.1.2" of the peer or the interface "-i ppp0" that those
>>packets arrive on, since that is essentially the same box.
>
>
> Doesn't like the "-i ppp0" at all with your suggested command above so far.
> And it hasn't been too happy with 192.168.1.2 either. :(
OK, the ifconfig information is exactly what You want. This last
sentence above goes for the nat table, I assume, because in the filter
table, above, it seems to work with ppp0.
Well, please check Your kernel configuration for nat table support.
Then, try to set the policy of Your FORWARD chain to accept (for
testing, You can later adjust it to Your specific needs). This
should make the httpd of that D-Link accessible for the remote end
of the ppp connection even without masquerading (unless the D-Link
does only accept requests from its own subnet, 192.168.0/24).
I think You're close to the solution of this.
Cheers, Jack.
--
My personal reading of the string "MicroSoft" expands to "NanoWeak"...
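The two diagnostics discussed in this message (NAT modules visible in "lsmod", and the ppp0 peer route being a host route), as an added example that is not part of the original post. The sample inputs are constructed, and the module names ip_tables, iptable_nat and ipt_MASQUERADE are assumed to be the 2.4-era names that match this thread's period.

```shell
#!/bin/sh
# Added example: offline checks for the lsmod and "route -n" diagnostics above.

# Constructed sample: lsmod output with the filter table loaded but no NAT
# modules (2.4-era module names, assumed to match the kernel in this thread).
SAMPLE_LSMOD='Module                  Size  Used by
ipt_LOG                 3136   1
ipt_state                608   1
ip_conntrack           21244   1 [ipt_state]
iptable_filter          1644   1
ip_tables              11672   4 [ipt_LOG ipt_state iptable_filter]'

# Constructed from the "route -n" listing quoted in the thread
# (trailing dot on the first gateway normalized).
SAMPLE_ROUTES='Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.2 0.0.0.0 255.255.255.0 U 0 0 0 ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0'

# Read lsmod output on stdin; print the NAT-related modules that are absent.
# Absence is not proof: support compiled into the kernel never shows in lsmod,
# so "iptables -t nat -L" remains the deciding test.
missing_nat_modules() {
    awk -v want="ip_tables iptable_nat ipt_MASQUERADE" '
        NR > 1 { seen[$1] = 1 }            # skip the header line
        END {
            n = split(want, w, " "); out = ""
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) out = out (out == "" ? "" : " ") w[i]
            print out
        }'
}

# Read "route -n" output on stdin; print ppp routes that are not host routes
# (expected: Genmask 255.255.255.255 and an H in the flags, i.e. "UH").
non_host_ppp_routes() {
    awk '$8 ~ /^ppp/ && ($3 != "255.255.255.255" || $4 !~ /H/) {
        print $1 " mask=" $3 " flags=" $4
    }'
}

echo "modules not loaded: $(printf '%s\n' "$SAMPLE_LSMOD" | missing_nat_modules)"
echo "ppp routes without UH: $(printf '%s\n' "$SAMPLE_ROUTES" | non_host_ppp_routes)"
```

On a live system the same functions take real input, for example "lsmod | missing_nat_modules" and "route -n | non_host_ppp_routes".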