> I have ipchains running with only these lines in the
> rc.local file
>
> # Starting IP MASQ/IP Chains
>
> echo "Starting IP Chains"
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.0.1/24 -j MASQ
Silly comment: for debugging and traffic monitoring I prefer to specify the
device that is masqueraded; that way link-up requests etc. show the real IP
address rather than the address of the diald device. BTW I use more than
one diald, so that's why I wildcard the devices below.
# set policy
ipchains -P forward DENY
# clear any existing rules
ipchains -F forward
# masq local traffic out any ppp connection
ipchains -A forward -s 192.168.0.1/24 -i ppp+ -j MASQ
# forward any local traffic through any diald devices
ipchains -A forward -s 192.168.0.1/24 -i tap+ -j MASQ
ipchains -A forward -s 192.168.0.1/24 -i sl+ -j MASQ
> the 192.168.0.1/24 I hope is for the linux router nubble at
> 192.168.0.1 port 24
The /24 designates the number of bits used in the netmask (not a
port); it's as if you'd written 192.168.0.1/255.255.255.0
> the kernel is 2.2.36? well anyway its redhat 6.1
kernel 2.2.x doesn't go that high. Try 'uname -r' to get the version.
2.2.12-22 is likely.
ICMP masquerading is the default on RedHat kernels.
The next step is making sure you actually turned on forwarding.
'cat /proc/sys/net/ipv4/ip_forward'; if it says '0', that's your problem.
'echo 1 > /proc/sys/net/ipv4/ip_forward' for now, and edit
/etc/sysconfig/network so FORWARD_IPV4="yes" so it'll be done automatically
for you at the next reboot.
Lourdes
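
The /24 point and the forwarding check from the reply above, as an added example that is not part of the original message: it expands a prefix length into a dotted netmask, shows which network a source spec such as 192.168.0.1/24 covers, and reads the kernel forwarding switch. The function names are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example; the function names are made up for this illustration.

# prefix_to_netmask 24 -> 255.255.255.0 (the prefix counts mask bits, not a port)
prefix_to_netmask() {
    bits=$1
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then
            octet=255; bits=$((bits - 8))
        else
            octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask}${mask:+.}${octet}"
    done
    echo "$mask"
}

# network_of 192.168.0.1/24 -> 192.168.0.0/24: the host bits are masked off,
# so the rule matches every address on the LAN, not just the router.
network_of() {
    addr=${1%/*}; prefix=${1#*/}
    [ "$addr" != "$1" ] || prefix=32   # no "/" means a single host
    mask=$(prefix_to_netmask "$prefix") || return 1
    oldifs=$IFS; IFS=.
    set -- $addr $mask                 # split both into octets
    IFS=$oldifs
    [ $# -eq 8 ] || return 1
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))/$prefix"
}

# forwarding_enabled [file]: succeeds only when the kernel switch reads 1.
forwarding_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

src=192.168.0.1/24   # the source spec used in the rules above
echo "$src covers $(network_of "$src"), netmask $(prefix_to_netmask "${src#*/}")"
if forwarding_enabled; then
    echo "ip_forward is on"
else
    echo "ip_forward is off: masqueraded packets will not be routed"
fi
```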