dialup solution (as secondary connection / iptables)
- From: sammy <sambo@xxxxxxxxxxxx>
- Date: Mon, 24 Nov 2008 22:10:27 -0500
Greetings,
Let me first ask in short the most pressing IPTABLES question.
1. Where and how do I alter the source IP to my ppp0 internet IP?
Given I already have:
route add my.news.ip.num my.isp.gateway
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.6 --dport 119 -j DNAT --to-destination 64.news.ip.num
?? t -nat -A POSTROUTING &&&& -j SNAT --from-source my.1.2.ip
2. Will this complicated translation be automatically reversed for returning packets, or do I need 2 more rules?
The whole problem.
I have been keeping (/paying for) my dialup connection for over a year
but didn't get much use out of it since I have to stop all else,
disable the NIC and dial out to download news.
I stumbled across IPTABLES in the spring but had no time
for it till now. Thanks to my latest hand-me-down with a working
ISA modem (with slack 12.1 out of the box), I am ready to try again.
I would like to use it to get to my dialup ISP for (at the very least) news and perhaps its SMTP and POP3.
Currently I have default route to router and out to DSL internet.
When I dial out I have a HOST route to the ISP, so I guess I have to
manually add a route to one of the 2 news servers, or both.
Is there a good / easy way to monitor ppp0 and add those entries when it is up?
It is possible I don't have to touch it (routes) when it goes down, but I think I still need a "controller" script to wait for the external IP of
the ppp0 and then enter iptables rules and then remove them.
After rereading www.iptables-tutorials.frozentux.net/iptables-tutorials.html
I started with this, first 2 just out of curiosity, but the log does not seem to match the number of packets sent.
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.6 --dport 119 -j LOG --log-level debug
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.6 --dport 119 -j LOG --log-tcp-sequence
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.6 --dport 119 -j DNAT --to-destination 64.news.ip.num
I quickly realized by watching ppp0 with tcpdump that the return address
is my local address of the originating machine ( 192.168.0.5 ).
This made me search for more examples to see whether or not I could just append --from-source 192.168.0.5/24 (or even /28) to that rule but... no luck.
I also stumbled again on the MASQUERADE target section, but that would not translate the destination.
Am I supposed to DNAT then masquerade? Where would I insert the rule that jumps to MASQUERADE?
Thank you for any pointers on this.
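
Added example, not part of the original post: a sketch of the "controller" step asked about above, pairing the post's PREROUTING DNAT rule with a POSTROUTING SNAT rule on ppp0 (SNAT takes --to-source). Connection tracking reverses both translations for reply packets, so no extra return rules are needed. The function name and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the route and NAT
# commands for sending NNTP out over ppp0; pipe the output to sh as root
# to apply. Forwarding from the LAN also needs net.ipv4.ip_forward=1.

LAN_ADDR=192.168.0.6   # address the newsreader connects to (from the post)
NNTP_PORT=119

valid_ipv4() {
    # Shape check only: keeps anything but a dotted quad out of the rules.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# news_nat_rules up|down PPP_LOCAL_IP PPP_PEER_IP NEWS_SERVER_IP
news_nat_rules() {
    mode=$1 local_ip=$2 peer_ip=$3 news_ip=$4
    case "$mode" in
        up)   op=-A ;;
        down) op=-D ;;
        *)    echo "usage: news_nat_rules up|down LOCAL PEER NEWS" >&2; return 2 ;;
    esac
    for ip in "$local_ip" "$peer_ip" "$news_ip"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    # Host route only on "up": the kernel drops it when ppp0 goes away.
    if [ "$mode" = up ]; then
        echo "route add -host $news_ip gw $peer_ip dev ppp0"
    fi
    # Rewrite the destination before routing (the DNAT rule from the post).
    echo "iptables -t nat $op PREROUTING -p tcp -d $LAN_ADDR --dport $NNTP_PORT -j DNAT --to-destination $news_ip"
    # Rewrite the source as the packet leaves ppp0, scoped to this one flow.
    echo "iptables -t nat $op POSTROUTING -o ppp0 -p tcp -d $news_ip --dport $NNTP_PORT -j SNAT --to-source $local_ip"
}

# Stand-alone use: sh script.sh up LOCAL PEER NEWS
if [ "$#" -gt 0 ]; then
    news_nat_rules "$@"
fi
```

pppd runs /etc/ppp/ip-up with the interface name, tty, speed, local IP and remote IP as arguments, so that hook can pass "$4" and "$5" as the local and peer addresses, and /etc/ppp/ip-down can call the "down" mode to delete the same rules.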