I have another idea ... I now think it's much easier than I
thought at first. Do not forward/masquerade the windows machines
until diald brings up the link. Put the appropriate
forwarding/masquerading rules in ip-up, and undo them in ip-down.
That's where masquerading rules should go anyway. Simple.
On Fri, 11 Feb 2000, Jacob Joseph wrote:
> Although you could say I've got no idea what I'm talking
> about, I'll throw in my 2 cents. Yes, the latter is no trouble
> at all. For the first suggestion, would it be possible to
> assign an alias IP to your eth0 (or 1 or whatever) then set the
> route of one of these IPs to diald's proxy IP and the other to
> simply use the default route? Of course, you would not want
> diald's to be your default. That way, when diald does bring up
> the link, those using the IP which does route to diald as their
> gateway will be able to bring up the link. Otherwise, the
> others would only be able to use the connection when it's up.
> That is, some machines use one gateway and the rest use
> another (the alias). Seems like it should work.
This strikes me as a little wrong. It would probably work, but
working and right are two different things. Figuring out whether
it is right or not is too much work for me right now, and the
method I suggested above works and is right, so case closed. :-)
> One other possibility is to use IPchains to block the IPs you
> don't want bringing the connection up from sending to the diald
> proxy IP. Actually, this would probably be much easier. The
> route changes when diald comes up, so the IPchains rule would
> then have no effect.
> Does this sound good to all the network-savvy people?
> Jacob Joseph
>
> ----- Original Message -----
> From: "Ed Doolittle" <[EMAIL PROTECTED]>
> To: "Murthy Raju" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Friday, February 11, 2000 8:51 AM
> Subject: Re: I want to restrict which machines on the network can make Diald
> bring up a connection
>
>
> > On Fri, 11 Feb 2000, Murthy Raju wrote:
> >
> > > I would like to restrict which machines on the local network can
> > > bring up the connection through Diald. How do I do it?
> >
> > Once the link is up, do you want those machines to still be able
> > to use it? Or do you want them not to access the Internet at all?
> > The latter case is easy (just set firewall rules not to forward
> > the machines you don't want forwarded), the former case seems more
> > difficult. Offhand I can't see how to do it, but there seems to
> > be enough flexibility in diald to enable it.
> >
> > Ed
> >
> > --
> > Ed Doolittle <mailto:[EMAIL PROTECTED]>
> > "Everything we do, we do for a reason." -- Peter O'Chiese
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-diald" in
> > the body of a message to [EMAIL PROTECTED]
> >
>
>
Ed Doolittle <mailto:[EMAIL PROTECTED]>
"Everything we do, we do for a reason." -- Peter O'Chiese
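
The ip-up/ip-down approach from the reply above, sketched as an added example (not code from the original thread or from the diald project). Assumptions: the forward chain's default policy is DENY, machines allowed to trigger dialing have permanent MASQ rules elsewhere, the host addresses are constructed samples, and the script receives the event as $1 and the link interface as $2.

```sh
#!/bin/sh
# Hosts that may use the link only while it is already up.
# Constructed sample addresses; replace with the restricted machines.
RESTRICTED_HOSTS="192.168.1.20 192.168.1.21"

# Print one ipchains command per restricted host.
#   up   -> append a masquerading rule to the forward chain
#   down -> delete that same rule again
link_rules() {
    event=$1
    iface=$2
    case "$event" in
        up)   op=-A ;;
        down) op=-D ;;
        *)    echo "usage: link_rules up|down <iface>" >&2
              return 2 ;;
    esac
    for host in $RESTRICTED_HOSTS; do
        echo "ipchains $op forward -s $host/32 -i $iface -j MASQ"
    done
}

# Run the generated commands, or only print them when DRY_RUN=1
# (the default, so a test run never touches the firewall).
apply_rules() {
    link_rules "$1" "$2" | while read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "$cmd"
        else
            $cmd
        fi
    done
}

# Hypothetical invocation from the ip-up and ip-down hooks:
#   link-masq.sh up ppp0      and      link-masq.sh down ppp0
case "${1:-}" in
    up|down) apply_rules "$1" "${2:-ppp0}" ;;
esac
```

Because the restricted hosts have no forward rule while the link is down, their packets are dropped before they reach diald's proxy interface and cannot trigger a dial.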