Re: dialup solution (as secondary connection / iptables )
- From: Felix Tiede <f.tiede@xxxxxx>
- Date: Tue, 25 Nov 2008 19:26:18 +0100
sammy wrote:
Felix Tiede wrote:
sammy wrote: I suppose that could work if I keep checking IFCONFIG until ppp0 appears.
Greetings,
Let me first ask in short the most pressing IPTABLES question.
1. Where and how do I alter the source IP to my ppp0 internet IP.
Given I already have:
Have a look at /etc/ppp/ip-up.d and /etc/ppp/ip-down.d - you can put
scripts there which are executed on dialing a connection and on hang up.
You'd need to figure out if the correct connection has been dialed or
hung up and
WOW you are right there is ip-up and ip-down mostly commented out,
and ip-up is around (still running) when network is established. I
thought the ip messages are from pppd as stderr.
..... TOTALLY forgot their existence.
I guess my problem with dropped connection is solved, at first thought
ip-up was Fedora equivalent to /usr/sbin/ppp-go ( and stop) and that you
forgot about it going down on its own.
execute all you want. Have a look at iptables -R
# iptables -R
it allows you to specify the number (counting from 1 as the top-most rule
of the specified chain) of the rule you want to replace. Change it when
you dialed in and change it back when you hung up.
Unknown argument in iptables 1.3.8
DID you mean -I 1 ( or is it 0 )
No, I meant -R - it is available, check iptables' man-page, you cannot use
it without anything to do.
# iptables -R
fails at my boxes too, but it works very well if used as pointed out by
man-page.
I do have firewall-masq and firewall-standalone but assuming this is for
route add my.news.ip.num my.isp.gateway
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.6 --dport 119 -j DNAT
--to-destination 64.news.ip.num
This one should be set up in your iptables init script, so it is already
there when you dial in to your ISP.
single interface (ppp) I haven't given it much consideration.
Well, I configure my iptables without assistance of any tools and IMHO such
tools are not helpful when it comes to out-of-the-ordinary setups as yours.
Currently I have default route to router and out to DSL internet.
When I dial out I have a HOST route to the ISP, so I guess I have to
manually add << SNIP >>
<< SNIP >>
Oh right (static routes), I can enter redirection for those 3 or 4
You should rather set up your news-reader to use 64.news.ip.num as news
source, masquerading your connection after dialup (see below) would do
the rest then.
addresses based on just ip ( since they don't serve anything else ) into
the router. Only problem is it doesn't let me enter single ip mask,
lucky for me news are 247 and 250 so 255.255.255.240 it is.
If you want to add a single host to the system's routing table, just add the
ip address, prefixed by -host if you want to. You don't need to specify a
netmask then.
<<snip>>
You should masquerade your outgoing connections like this: Well now that may work.
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
which you can do as well from ppp's ip-up scripts.
OOOPs the router is not sending the traffic to the modem server.
looks like I am stuck with 192.168.0.6:119 as the news server address.
Unless the conflict is with the fact that the router (netgear WGR614v3 )
has DHCP on (11- ), but I am using all static addresses below that hmmm.
No, it shouldn't, that would be a serious bug.
You need to tell your workstations to route traffic to the news server via
modem server. Your DSL router has no business in this. And it will never
do "the right thing" unless you run it with openwrt or something and modify
its routing table manually.
So back to
iptables -t nat -A PREROUTING -j snat --from-source $4 ( $4 in ip-up )
and
-j masquerade
I've fiddled with SNAT once but it didn't help much, most failed because
internet providers don't like packets with obviously modified source ip
addresses.
Greetz,
Felix
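
The ip-up.d / ip-down.d approach discussed in this thread, as an added example that is not part of the original message: one script, installed in both directories, that adds the MASQUERADE rule only when the dialed link is the expected one and removes it on hang-up. The Debian-style directory layout, the file name used in the comments, and the WAN_IF and IPTABLES variables are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Install the same file in both
# /etc/ppp/ip-up.d/ and /etc/ppp/ip-down.d/ (assumed layout), e.g. as
# 50-masq (hypothetical name). pppd hands these scripts:
#   $1=interface $2=tty $3=speed $4=local IP $5=remote IP $6=ipparam
WAN_IF="${WAN_IF:-ppp0}"          # assumption: the dial-up link is ppp0
IPTABLES="${IPTABLES:-iptables}"

# Map the path the script was started from to "up" or "down".
ppp_event() {
    case "$1" in
        */ip-up.d/*)   echo up ;;
        */ip-down.d/*) echo down ;;
        *)             return 1 ;;
    esac
}

# Print the rule arguments for an event on an interface. Returns 1 (and
# prints nothing) for any link other than WAN_IF, so that other PPP
# connections never trigger NAT changes.
masq_args() {
    [ "$2" = "$WAN_IF" ] || return 1
    case "$1" in
        up)   op=-A ;;
        down) op=-D ;;
        *)    return 1 ;;
    esac
    echo "-t nat $op POSTROUTING -o $2 -j MASQUERADE"
}

# Only act when pppd supplied an interface name as the first argument.
if [ -n "${1:-}" ]; then
    event=$(ppp_event "$0") || exit 0
    args=$(masq_args "$event" "$1") || exit 0
    if [ "$event" = up ]; then
        # Drop a stale copy first so repeated dial-ins leave a single rule.
        $IPTABLES -t nat -D POSTROUTING -o "$1" -j MASQUERADE 2>/dev/null || true
    fi
    # Unquoted on purpose: $args must split into separate arguments.
    $IPTABLES $args
fi
```

Deleting by rule specification (-D) rather than by position avoids depending on where the rule sits in the chain, which matters if other scripts also touch POSTROUTING.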