I have this problem: Dial-in users are forwarded/masqueraded properly to
the WAN, but they CANNOT see the local network.  I'm _sure_ the
fumble-fingered idiot behind my keyboard ;-) is missing something, but I
can't figure out what.  Any ideas?


The setup:
                -----------------
-----------     |  Linux-2.0.34 |
| dial-up |<---->ppp0           |
|static IP|     |           eth0<====>192.168.36.0 local network
| address |     |  192.168.36.50|
-----------     |               |
                |           eth1<====>204.4.21.240 router to the "world"
                |   204.4.21.50 |
                -----------------

On boot-up, this script DOES run:

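#!/bin/sh
# /etc/rc.d/rc.ipfwadm
PATH=/sbin:/usr/sbin:/usr/bin
# Flush the input, output and forwarding rule lists
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -f
# Forwarding rules are appended (-a) in this order; -o logs matching packets
# Accept traffic forwarded within the local network
ipfwadm -F -a accept -S 192.168.36.0/24 -D 192.168.36.0/24  -o
# Masquerade local network traffic destined for 204.4.0.0/16
ipfwadm -F -a masquerade -S 192.168.36.0/24 -D 204.4.0.0/16 -o
# Reject everything else
ipfwadm -F -a reject             -S 0.0.0.0/0 -D 0.0.0.0/0  -o
# End of rc.ipfwadm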

When a dial-in happens, /etc/ppp/ip-up IS executed: $1 is the interface
name, and $5 IS the dial-in user's static IP address (they all have one).

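#!/bin/sh
# /etc/ppp/ip-up
# $1 = interface name, $5 = dial-in user's static IP address
# Each rule is inserted (-i) at the start of the forwarding list,
# bound to the PPP interface (-W), with logging enabled (-o)
/sbin/ipfwadm -F -i accept -W "$1" -S 192.168.36.0/24 -D "$5" -o
/sbin/ipfwadm -F -i accept -W "$1" -S "$5" -D 0.0.0.0/0       -o
/sbin/ipfwadm -F -i accept -W "$1" -S 0.0.0.0/0 -D "$5"       -o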

_I_ think this adds a rule for the dial-in machine to access the localnet,
and the localnet to access the dial-in machine, but no joy.

When the user disconnects, /etc/ppp/ip-down runs and removes the above
rules properly.

With "-o" (to enable logging) set in EVERY rule, when a dial-in user pings
192.168.36.50 (the localnet interface on the dial-in host), NOTHING shows
in the logs. Not line one!

Anyone know what I've done wrong and/or not done?

                                                        - Derek Murphy -
Systems Administrator, DocuLink International |
138-880 Wellington St.  Ottawa Ontario Canada |    PGP public key at
K1R 6K7  (613) 563-2266(fax)  563-3210(voice) | http://ludwig.doculink.com
"People should *THINK*; computers should WORK"|
