> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Gerald
> Timothy Quimpo
> Sent: Wednesday, July 03, 2002 1:02 AM
> To: PLUG
> Subject: RE: [plug] IPTables, djbdns and qmail problems?
>
>
> in your original email, you said that the headless box (which has
> the modem connected to it) can ping outward, but the LTSP server
> (which is behind the headless box) can't. have you got that
> working yet? my suggestion (because this is what i tend to do):
> first get things working with just command line work, then clean
> it up later (as sacha says, with the appropriate entries in
> /etc/sysconfig/*). although i tend not to touch /etc/sysconfig/*
> directly, instead using linuxconf or webmin to manage that, unless
> i get tired of that and just hack up some stuff to put in
> /etc/rc.d/rc.local).

It's not working yet. I'm not using any GUI tools in trying to fix the
problem. Just pure bash and vim commands.

> first of all, we need to make sure the LTSP server can be NATted
> outward. set the LTSP's gateway to be the headless box. on the
> LTSP server do:
>
> route add default gw 192.168.1.1

I did this already.

> next the headless box needs to NAT internal requests outward.
> the following are minimums. you'll want to add other firewall
> rules and also make the minimum setup more secure. do these
> on the headless box.
>
> # enable ip forwarding
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT

These commands are probably what I lack.

> # assuming your ppp device is ppp0, then enable NAT on that device.
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

I did this already.

> warning: that setup is very open. you will want to clean that up
> after you've got masquerading working. i suggest using that
> initially though, just until masquerading is working.
>
> once you've got masquerade up and running, then you can work on
> cleaning up the firewall rules and getting the other stuff working...

I will.

> later, you might want to put the masquerade rule in the relevant
> /etc/ppp/ip-up and ip-down (or ip-up.local and ip-down.local or
> whatever) scripts. that way, the masquerade rule will be added
> whenever ppp goes up and removed whenever ppp goes down.

When you say "a script", do you mean that it is more likely a bash
program in a file or just the iptables commands in a file? And also,
is it okay to put the "scripts" at /etc/rc.d/init.d/ and I'll just make
a link to /etc/rc3.d/?

Thanks.

---
MARVIN T. PASCUAL
E-Mail: [EMAIL PROTECTED]
Tel. #: (+63-2) 925-2052/981-7022
Linux User No. 247147
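The "clean that up" step and the ip-up/ip-down suggestion from the quoted message, sketched as an added example that is not part of the original thread. It assumes the LAN side of the headless box is eth0 on 192.168.1.0/24 (the thread only gives the gateway 192.168.1.1 and ppp0); the function names are hypothetical, and the rules are only printed unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example (not from the thread): tightened NAT rules for the headless box.
# Assumptions: LAN side is eth0 on 192.168.1.0/24; WAN is ppp0 as in the thread.
# Dry run by default: rules are printed. Run with IPT=iptables as root to apply.
# IP forwarding still has to be enabled as shown in the quoted message.
IPT="${IPT:-echo iptables}"
WAN="${WAN:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Baseline, run once at boot: forwarding is denied unless a rule allows it.
nat_base() {
    $IPT -P FORWARD DROP
    # Replies to connections the LAN opened may come back in.
    $IPT -A FORWARD -i "$WAN" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN hosts may open connections outward; nothing else is forwarded.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN" -s "$LAN_NET" -j ACCEPT
}

# Call as "<this script> up" from /etc/ppp/ip-up.local:
# masquerade only LAN traffic leaving through the ppp link.
nat_up() {
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

# Call as "<this script> down" from /etc/ppp/ip-down.local:
# delete the same rule (-D with the identical match removes what -A added).
nat_down() {
    $IPT -t nat -D POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

case "${1:-}" in
    base) nat_base ;;
    up)   nat_up ;;
    down) nat_down ;;
esac
```

Compared with the wide-open setup in the quoted message, the FORWARD policy here is DROP and the masquerade rule is restricted to the LAN source range, so the box does not forward or NAT traffic that arrives from the ppp side.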
