Hi all:

I am still having trouble getting a DNS request (or any other
IP connection) to complete from a windoze client through my 
linux/diald box using a DYNAMIC assigned address on the ppp 
connection.   Once the link is up it works fine.

When I asked for an example of what was meant by the text in the
diald README.masq... Lourdes Jones suggested:
 
>     # use defines so changes are easier and rules are readable
>     INETDEV=ppp0
>     DIALDDEV=sl0
>     LOCALDEV=eth0
>     LOCALNET=192.168.0.0/24
>     # set policy so you cannot be used as a relay
>     ipchains -P forward DENY
>     # clear any existing rules
>     ipchains -F forward
>     # enable only  what you want to have forwarded
>     # masq the local traffic out to the internet
>     ipchains -A forward -i $INETDEV -s $LOCALNET -j MASQ
>     # forward local traffic through the dial device (unchanged)
>     ipchains -A forward -i $DIALDDEV -s $LOCALNET -j ACCEPT
>     # just an example for a single local network card
>     # allow forwarding of traffic destined to the local network
>     # through the local network card
>     ipchains -A forward -i $LOCALDEV -d $LOCALNET -j ACCEPT
> 
[snip...]
> 
> The key is having
>  echo 2 > /proc/sys/net/ipv4/ip_dynaddr
>  echo 1 > /proc/sys/net/ipv4/ip_forward
> set before the rules are created AND having the rules in existence before
> the device is brought up.
> 
> Otherwise you have a race between the first packet trying to go out the
> device and the rule that allows it to go through.  (The packet almost always
> wins if you are setting the rules in an ip-up script.)
> 

Now this seemed to make sense (more sense than adding extra DNS entries
in the DNS server list on the windoze clients) ...  so I reworked my
init scripts to initialize ipchains as follows:

   DIALDDEV="s10"  #the device diald uses
   INETDEV="ppp0"  #the dynamic ppp device diald creates
   LOCALDEV="eth0"
   LOCALNET="192.168.0.0/24"
   
   echo 2 > /proc/sys/net/ipv4/ip_dynaddr
   echo 1 > /proc/sys/net/ipv4/ip_forward
   
   ipchains -F input
   ipchains -F output   
   ipchains -F forward
   
   ipchains -P input ACCEPT
   ipchains -P output ACCEPT
   ipchains -P forward DENY
   
   ipchains -A forward -s $LOCALNET -i $DIALDDEV -j ACCEPT
   ipchains -A forward -s $LOCALNET -i $INETDEV  -j MASQ 
   ipchains -A forward -d $LOCALNET -i $LOCALDEV -j ACCEPT 
   

With these rules (cloned from Lourdes' suggestions above) the
client's attempt to connect does NOT bring up the link.
If the link is brought up locally... the client's DNS request will work.


If I add:

   REMOTENET=0/0
   ipchains  -A forward -s $LOCALNET -d $REMOTENET -j MASQ
   
then the client's DNS request brings up the link, but FAILS.
Which is effectively where I was when I JUST had the last two
lines above, not the previous three.

Just to eliminate variables, I made sure that nothing was executed
in the ip-up.local script in the ppp directory.

Yes, per the suggestion of several, I added 3 DNS entries in  
resolv.conf and on the windoze client.  It did no good.

If I can ever get this to work I promise to publish a set of scripts that
will make it turnkey for the next guy... 

BTW: I get the SAME behavior with telnet from the client to a HARD ip 
address.  Once the link is up the telnet works.

Can anyone suggest how to get the windoze DNS request to BOTH bring up
the link... AND succeed?

Frustrated....

Lincoln
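A pre-flight check for this kind of diald/ipchains start-up script, added here as an example; it is not code from the post above or from diald itself. Two things in the thread are worth checking mechanically before testing the link: the DIALDDEV value in the script above reads "s10", whereas the quoted suggestion uses "sl0" (the proxy device diald creates), and ipchains accepts a rule on an interface name that does not exist but that rule never matches a packet; and the quoted reply's ordering requirement (sysctls set, then rules loaded, then diald started) is easy to get wrong in an init script. The interface list, rule set and script texts below are constructed so the check runs offline; the awk one-liner in the comment for reading /proc/net/dev is what you would use on a live box instead.

```shell
#!/bin/sh
# Added example, not code from the original post or from diald: a pre-flight
# check for an ipchains/diald start-up script. It verifies two things the
# quoted advice depends on: (1) every "-i" interface in the rule set is a
# device the kernel has (or one that is expected to appear later), and
# (2) the sysctls are set before the rules and diald is started after them.
# All inputs below are CONSTRUCTED so the script runs offline; on a live box
# you would feed it the real interface list and the real init script.

# Interface names the kernel knows about. On a real host build this with:
#   KNOWN_IFACES=$(awk -F: 'NR > 2 { gsub(/ /, "", $1); print $1 }' /proc/net/dev)
# Constructed sample: diald's proxy device is sl0 (as in the quoted reply).
KNOWN_IFACES="lo eth0 sl0"

# Constructed copy of the forward rules from the post above, with the
# variables expanded so the check sees the final interface names.
DIALDDEV="s10"
INETDEV="ppp0"
LOCALDEV="eth0"
LOCALNET="192.168.0.0/24"
RULES="ipchains -A forward -s $LOCALNET -i $DIALDDEV -j ACCEPT
ipchains -A forward -s $LOCALNET -i $INETDEV -j MASQ
ipchains -A forward -d $LOCALNET -i $LOCALDEV -j ACCEPT"

# iface_known NAME LIST: succeed when NAME is in the space-separated LIST.
iface_known() {
    for k in $2; do
        [ "$1" = "$k" ] && return 0
    done
    return 1
}

# unknown_rule_ifaces RULES KNOWN ALLOW: print, one per line, every "-i"
# interface named in RULES that is in neither KNOWN nor ALLOW. ALLOW is for
# devices that legitimately do not exist yet: ppp0 only appears once diald
# has dialled, so a rule on it is fine; a rule on a name the kernel will
# never create is accepted by ipchains but never matches a packet.
unknown_rule_ifaces() {
    rules=$1; known=$2; allow=$3
    printf '%s\n' "$rules" | while read -r line; do
        set -- $line
        while [ $# -gt 1 ]; do
            if [ "$1" = "-i" ]; then
                iface_known "$2" "$known $allow" || printf '%s\n' "$2"
            fi
            shift
        done
    done
}

# ordering_ok SCRIPT: succeed when, in SCRIPT's text, ip_dynaddr and
# ip_forward are set before the first "ipchains -A" rule and diald is
# started only after the last ipchains command, i.e. the sequence the
# quoted advice asks for (sysctls, then rules, then bring the device up).
ordering_ok() {
    printf '%s\n' "$1" | awk '
        /ip_dynaddr/          { dyn = NR }
        /ip_forward/          { fwd = NR }
        /ipchains -A/         { if (!firstadd) firstadd = NR }
        /ipchains/            { lastchain = NR }
        $1 ~ /diald$/         { dstart = NR }
        END {
            ok = dyn && fwd && firstadd && dstart &&
                 dyn < firstadd && fwd < firstadd && lastchain < dstart
            exit (ok ? 0 : 1)
        }'
}

# Constructed init-script texts: one in the recommended order, one with
# diald started first and the sysctls set last.
GOOD_SCRIPT="echo 2 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -P forward DENY
ipchains -A forward -s 192.168.0.0/24 -i sl0 -j ACCEPT
/usr/sbin/diald"
BAD_SCRIPT="/usr/sbin/diald
ipchains -A forward -s 192.168.0.0/24 -i sl0 -j ACCEPT
echo 2 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/ip_forward"

# Run the checks against the constructed data.
bad=$(unknown_rule_ifaces "$RULES" "$KNOWN_IFACES" "ppp0")
if [ -n "$bad" ]; then
    echo "rules name interfaces the kernel does not have: $bad"
fi
if ordering_ok "$GOOD_SCRIPT"; then echo "good script: order ok"; fi
if ordering_ok "$BAD_SCRIPT"; then :; else echo "bad script: order wrong"; fi
```

Run against the constructed data it reports "s10" as an interface the kernel does not have, because the only names in the list are lo, eth0 and sl0 and ppp0 is explicitly allowed as a device that appears later. The ordering check is deliberately text-based: it does not need the rules to be loaded, so it can be run on the init script before rebooting or restarting diald.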

-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]