Re: dialup solution (as secondary connection / iptables )
- From: Clifford Kite <kite@xxxxxxxxxxxxxxxxx>
- Date: Sat, 29 Nov 2008 22:18:59 -0600
sammy <sambo@xxxxxxxxxxxx> wrote:
Clifford Kite wrote:
To try and find out what is wrong the dialout program or script should
be set for verbose logging, for chat that would be -vs. Then you can add
daemon.*;local2.* /var/log/ppp.log
It works when pppd is setup for script but doesn't run ip-up/down.
Sorry, "setup for script" doesn't ring any bells. But the modem
connection must complete before pppd can bring up the PPP link and so
run ip-up/ip-down.
If you use the Linux box and route the news IP address to it on each
of the other LAN boxes then you shouldn't need to disable the NIC.
DSL and dialup PPP can both be available at the same time.
On the dialup host you would need IP forwarding enabled and
route add news.ip.num gw $5 $1
iptables -t nat -A POSTROUTING -o $1 -j SNAT --to-source $4
in ip-up, with no default route for the PPP interface if you want to
also be able to access the Internet with other types of connections
from the dialup via DSL routing.
On the other LAN hosts you should only need
route add news.ip.num gw 192.168.0.6 ethx
where 192.168.0.6 (or whatever) is the LAN IP address of the dialup and
ethx is the host's Ethernet interface. Of course news.ip.num is the IP
address of the external news server.
As far as I know you can only route through machine directly connected
and in my case directly connected to all machines is the netgear
concentrator (since its routing capability is questionable)
Can the machines on the LAN talk with one another? If so then it seems
to me that the routings suggested should work. They both say essentially
"if the packet is for news.ip.num then send it to the designated gateway."
In the first instance the gateway is the PPP server and in the second
it's the dialup host. In both instances the packet should be sent, the
first instance because the interface is a PPP connection to the server and
the second because the gateway is in the same network as the sending host.
When I make ppp connection one of the messages is:
"not changing default route" (through the router)
That's an informational message from pppd. Pppd sees a default route
already set and refuses to override it with one of its own. IIRC that
is the case even with the pppd defaultroute option.
I guess that's something to reconsider since I am not expecting
to work from that machine but may wish to share drive space.
It's not clear to me how a default route affects sharing drive space.
This is more or less what I would like to run from ip-up when I get it
going.
news.sh $4 $5
#!/bin/sh
echo "adding " $1 >/dev/tty0
I think you may really want this message to appear on the terminal from
which pppd is launched. If so then you should use something like
export TTY=$(tty); news.sh $4 $5
in ip-up and use
echo "adding " $1 > $TTY
in news.sh instead of the echo to /dev/tty0. Unless you know echo
redirection to /dev/tty0 works for you of course. :)
route add news.serv1 $2
route add news.serv2 $2
This doesn't make sense to me. Does route really know what to do with the
second IP address ($2)?
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.6 --dport 119 -j LOG --log-tcp-sequence
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.6 --dport 119 -j DNAT --to-destination news.serv2
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
This can substitute for SNAT since MASQ is just automatic SNAT in the
sense that the --to-source IP address selected is that of the outbound
interface.
should second rule (DNAT) be in INPUT chain?
"man iptables" says DNAT is only permitted in the PREROUTING and OUTPUT
chains and user defined chains called from those chains. But I'm not
sure that the second rule will work since the packet has arrived on the
destination IP address's interface. The DNAT examples I've seen are for
packets that come in on one interface and are forwarded through another
interface to the destination host.
This gets packets back to the modem server but I am not
sure how to proceed from here since there are 2 possible clients,
(...5 and ...9 ) short of hardcoding it for one of them with
iptables -t NAT -A INPUT -s news.serv1 -j DNAT --to-destination 192.168.0.9
or ...5
Do I need to mark the connection or ..?
There's a lot I don't know about iptables and I've never used DNAT.
That's why my suggestions included routing that I think should work
instead of DNAT.
--
Clifford Kite
/* ... packets usually cross many administrative boundaries on their way
from a source to a destination and often the only point of agreement
between those separate administrations is that all problems are someone
else's fault. --Van Jacobson, abstract of April 97 MSRI talk */
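
An added example, not part of the original post: a sketch of the routing-plus-SNAT approach suggested above as an ip-up/ip-down helper that validates pppd's arguments before building root-level commands. The function names, the placeholder news server address 192.0.2.119, the sample PPP addresses and the narrowing of the SNAT rule to TCP port 119 for that one server are assumptions made here.

```shell
#!/bin/sh
# Added example. Prints the commands instead of running them; pipe the output
# to sh as root to apply. pppd passes $1=interface, $4=local IP, $5=remote IP.
NEWS_IP="${NEWS_IP:-192.0.2.119}"   # placeholder, not the poster's server

is_ipv4() (   # subshell body, so the IFS change cannot leak out
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

is_ppp_if() {   # accept only "ppp" followed by digits
    n=${1#ppp}
    [ "$n" != "$1" ] && [ -n "$n" ] || return 1
    case "$n" in *[!0-9]*) return 1 ;; esac
}

news_hook() {   # usage: news_hook up|down IFACE LOCAL_IP REMOTE_IP
    mode=$1 ifc=$2 lip=$3 rip=$4
    is_ppp_if "$ifc" && is_ipv4 "$lip" && is_ipv4 "$rip" && is_ipv4 "$NEWS_IP" || {
        echo "news_hook: rejecting arguments" >&2; return 1; }
    case "$mode" in
        up)   op=-A
              echo "sysctl -w net.ipv4.ip_forward=1"
              # Host route only; the existing default route (DSL) is untouched.
              echo "route add -host $NEWS_IP gw $rip dev $ifc" ;;
        down) op=-D ;;   # the kernel drops the host route with the interface
        *)    return 1 ;;
    esac
    # Assumption: SNAT only NNTP traffic to the news server, not all of ppp.
    echo "iptables -t nat $op POSTROUTING -o $ifc -d $NEWS_IP -p tcp --dport 119 -j SNAT --to-source $lip"
}

# Demo with constructed values; ip-up would call: news_hook up "$1" "$4" "$5"
news_hook up ppp0 10.64.0.2 10.64.0.1
```

The matching ip-down call is `news_hook down "$1" "$4" "$5"`, which removes the SNAT rule so repeated dialups do not stack duplicate rules.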