Re: dialup solution (as secondary connection / iptables )



Felix Tiede wrote:
sammy wrote:


Felix Tiede wrote:


sammy wrote:

execute all you want. Have a look at
# iptables -R
it allows you to specify the number (counting from 1 as the top-most rule
of the specified chain) of the rule you want to replace. Change it when
you dialed in and change it back when you hung up.


iptables -R
Unknown argument in iptables 1.3.8

DID you mean -I 1 ( or is it 0 )


No, I meant -R - it is available, check iptables' man-page, you can not use
it without anything to do.
# iptables -R
fails at my boxes too, but it works very well if used as pointed out by
man-page.



Oh, sorry, actually there are no rules on that machine right now, just default ACCEPT policy.

Oh right (static routes), I can enter redirection for those 3 or 4
addresses based on just ip ( since they don't serve anything else ) into
the router. Only problem is it doesn't let me enter single ip mask,
lucky for me news are 247 and 250 so 255.255.255.240 it is.


If you want to add a single host to the system's routing table, just add the
ip address, prefixed by -host if you want to. You don't need to specify a
netmask then.

The above was referring to the netgear router and its web interface.
I hoped that it could redirect traffic locally, but I guess no luck.



<<snip>>

You should masquerade your outgoing connections like this:
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
which you can do as well from ppp's ip-up scripts.


Well now that may work.

Oops, the router is not sending the traffic to the modem server.
Looks like I am stuck with 192.168.0.6:119 as the news server address.
Unless the conflict is with the fact that the router (netgear WGR614v3 )
has DHCP on (11- ), but I am using all static addresses below that, hmmm.
No, it shouldn't, that would be a serious bug.


You need to tell your workstations to route traffic to the news server via
modem server. Your DSL router has no business in this. And it will never
do "the right thing" unless you run it with openwrt or something and modify
its routing table manually.



Not sure what you mean, earlier you suggested to use the real address in the news reader, are you saying I should use iptables on stations to DNAT to the server and there DNAT to the real address?

or actually
route add 64.news.server.ip 192.168.0.6
wouldn't using the local address outright be the same?


So back to
iptables -t nat -A PREROUTING -j snat --from-source $4 ( $4 in ip-up )
and
-j masquerade


I've fiddled with SNAT once but it didn't help much, most failed because
internet providers don't like packets with obviously modified source ip
addresses.

Greetz,
Felix

Heh, I'll try to keep it a secret, how obvious can it be?
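
The two mechanics discussed in this thread (iptables -R called with a chain, a rule number and a full rule, and MASQUERADE on the ppp interface from the ip-up script), as an added example that is not part of the original posts. The chain FORWARD, rule position 1, the ACCEPT/DROP toggle and the function names are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the iptables commands an
# ip-up / ip-down hook would run; set APPLY=1 (as root) to execute them.
# Assumptions: FORWARD rule 1 is the rule being toggled, and ACCEPT/DROP
# are its two states. pppd passes the interface name as $1 to both hooks.

CHAIN=FORWARD   # assumed chain
RULENUM=1       # assumed position, counted from 1 at the top of the chain

# Emit one command per line for the given event ("up" or "down").
ppp_fw_cmds() {
    event=$1
    iface=$2
    case "$event" in
        up)
            # -R needs the chain, the rule number and the complete new rule;
            # it fails if no rule exists at that position.
            echo "iptables -R $CHAIN $RULENUM -o $iface -j ACCEPT"
            echo "iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE"
            ;;
        down)
            echo "iptables -R $CHAIN $RULENUM -o $iface -j DROP"
            # -D with the same spec removes the rule added at dial-in,
            # so repeated dial-ins do not pile up duplicates.
            echo "iptables -t nat -D POSTROUTING -o $iface -j MASQUERADE"
            ;;
        *)
            echo "usage: ppp_fw_cmds up|down IFACE" >&2
            return 2
            ;;
    esac
}

# Print the commands for one event, or run them when APPLY=1.
ppp_fw_apply() {
    ppp_fw_cmds "$1" "$2" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || echo "failed: $cmd" >&2
        else
            echo "$cmd"
        fi
    done
}

# Called as a hook: ip-up would pass "up" and "$1", ip-down "down" and "$1".
if [ $# -ge 2 ]; then ppp_fw_apply "$1" "$2"; fi
```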