Re: dialup solution (as secondary connection / iptables)
- From: Felix Tiede <f.tiede@xxxxxx>
- Date: Tue, 25 Nov 2008 05:51:43 +0100
sammy wrote:
> Greetings,
> Let me first ask in short the most pressing IPTABLES question.
> 1. Where and how do I alter the source IP to my ppp0 internet IP?
> Given I already have:
Have a look at /etc/ppp/ip-up.d and /etc/ppp/ip-down.d - you can put scripts
there which are executed on dialing a connection and on hang up. You'd need
to figure out whether the correct connection has been dialed or hung up and
then execute whatever you want. Have a look at
# iptables -R
It allows you to specify the number (counting from 1 as the top-most rule of
the specified chain) of the rule you want to replace. Change it when you have
dialed in and change it back when you have hung up.
> route add my.news.ip.num my.isp.gateway
> iptables -t nat -A PREROUTING -p tcp -d 192.168.0.6 --dport 119 -j DNAT --to-destination 64.news.ip.num
This one should be set up in your iptables init script, so it is already
there when you dial in to your ISP.
> ?? t -nat -A POSTROUTING &&&& -j SNAT --from-source my.1.2.ip
You don't need it.
> 2. Will this complicated translation be automatically reversed for
> returning packets or do I need 2 more rules?
Yes. See above.
> The whole problem.
> I have been keeping (/paying) my dialup connection for over a year
> but didn't get much use out of it since I have to stop all else,
> disable the nic and dial out to download news.
> I stumbled across IPTABLES in the spring but had no time
> for it till now. Thanks to my latest hand-me-down with a working
> ISA modem (with slack 12.1 out of the box), I am ready to try again.
> I would like to use it to get to my dialup ISP for (at the very least)
> news and perhaps its SMTP and POP3.
> Currently I have a default route to the router and out to the DSL internet.
> When I dial out I have a HOST route to the ISP, so I guess I have to
> manually add a route to one of the 2 news servers, or both.
> Is there a good / easy way to monitor ppp0 and add those entries when
> it is up?
See /etc/ppp/ip-up.d and /etc/ppp/ip-down.d
[snip]
> It is possible I don't have to touch it (routes) when it goes down, but
> I think I still need a "controller" script to wait for the external IP of
> the ppp0 and then enter the iptables rules and then remove them.
> After rereading
> www.iptables-tutorials.frozentux.net/iptables-tutorials.html
> iptables -t nat -A PREROUTING -p tcp -d 192.168.0.6 --dport 119 -j DNAT --to-destination 64.news.ip.num
You should rather set up your news-reader to use 64.news.ip.num as news
source; masquerading your connection after dialup (see below) would then do
the rest.
> I quickly realized by watching ppp0 with tcpdump that the return address
> is my local address of the originating machine (192.168.0.5).
> This made me search for more examples to see whether or not I could
> just append --from-source 192.168.0.5/24 (or even /28) to that rule
> but... no luck.
> Also stumbled again on the MASQUERADE target section, but that would
> not translate the destination.
> Am I supposed to DNAT then masquerade? Where would I insert the rule
> that jumps to MASQUERADE?
You should masquerade your outgoing connections like this:
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
which you can do as well from ppp's ip-up scripts.
HTH,
Felix
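A hook script of the kind Felix describes, as an added example (not from the thread): the same file can be dropped into both /etc/ppp/ip-up.d and /etc/ppp/ip-down.d, it acts only on ppp0, and it takes the arguments pppd passes to those scripts (interface, tty, speed, local IP, remote IP, ipparam). The news-server address 64.news.ip.num is the thread's own placeholder; the RUN=echo dry-run switch is an assumption of this example.

```shell
#!/bin/sh
# Added example: one hook for both /etc/ppp/ip-up.d and /etc/ppp/ip-down.d.
# pppd calls it as: SCRIPT IFNAME TTY SPEED LOCAL_IP REMOTE_IP IPPARAM
# Set RUN=echo to print the commands instead of running them (dry run, assumed here).
NEWS_HOST="${NEWS_HOST:-64.news.ip.num}"   # placeholder address from the thread
RUN="${RUN:-}"

# ppp_hook up|down IFNAME TTY SPEED LOCAL_IP REMOTE_IP [IPPARAM]
# Only ppp0 is the dialup link of interest; other ppp links are left alone.
ppp_hook() {
    action=$1; ifname=$2; remote_ip=$6
    [ "$ifname" = ppp0 ] || return 0
    case $action in
      up)
        # Host route: only the news server travels over the dialup link,
        # everything else keeps using the DSL default route.
        $RUN route add -host "$NEWS_HOST" gw "$remote_ip"
        # Insert at position 1 so it is evaluated before any other POSTROUTING
        # rule; matching on -o ppp0 keeps LAN<->DSL traffic untouched.
        $RUN iptables -t nat -I POSTROUTING 1 -o "$ifname" -j MASQUERADE
        ;;
      down)
        # Delete by specification (-D) rather than by rule number (-R), so the
        # position of the rule in the chain does not matter. The host route
        # disappears together with the interface and needs no cleanup.
        $RUN iptables -t nat -D POSTROUTING -o "$ifname" -j MASQUERADE
        ;;
      *)
        echo "usage: ppp_hook up|down IFNAME TTY SPEED LOCAL_IP REMOTE_IP" >&2
        return 2
        ;;
    esac
}

# When invoked by pppd, derive the action from the directory the script lives in.
case "$0" in
  */ip-up.d/*)   ppp_hook up   "$@" ;;
  */ip-down.d/*) ppp_hook down "$@" ;;
esac
```

With RUN=echo the script only prints what it would run, which is a convenient way to check the generated rules before installing the hook.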