On Wed, 2002-07-03 at 18:59, Marvin Pascual wrote:
> > route add default gw 192.168.1.1
>
> I did this already.

yeah, i knew you had... from your emails with benj.

> > # enable ip forwarding
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> These commands are probably what I lack.

ok. the policies are probably not a big deal (iptables -P ...).
they're usually ACCEPT by default anyway.
setting /proc/sys/net/ipv4/ip_forward is necessary though
because if it's set to "0", then the headless box is not
set up as a router. it will not forward requests from other
boxes. so even if your clients (LTSP server) have the headless
box as the gateway, when the outgoing packet arrives at the
gateway from the LTSP server, the gateway (headless box)
won't forward it onward.

> > later, you might want to put the masquerade rule in the relevant
> > /etc/ppp/ip-up and ip-down (or ip-up.local and ip-down.local or
> > whatever) scripts. that way, the masquerade rule will be added
> > whenever ppp goes up and removed whenever ppp goes down.
>
> When you say "a script", do you mean that it is more likely a bash program
> in a file or just the iptables' commands in a file? And also, is it okay to
> put the "scripts" at /etc/rc.d/init.d/ and I'll just make a link to
> /etc/rc3.d/?

the ip-up, ip-down (and i forget the other names, but probably
ip-up.local and ip-down.local) are shell scripts in /etc/ppp.
you can put anything there. with some clients, long ago, i actually
put lots of random stuff in there to help with dialup management,
dialup accounting, and anything else that needed to be done when
the client went online or offline (e.g., if i needed to manage their
server remotely, i'd have it email me its IP number every time it
went online so i'd know the IP and could ssh into that). also, if
you've got a dynamic DNS server, then you need to tell the dynamic
DNS server your IP every time you go online. ip-up is a good place
to do that.

to test if ip-up (or ip-up.local) are working, try this, put:

    logger "going online"

in /etc/ppp/ip-up.
then monitor /var/log/messages while going online. note:
man logger. you might need to give logger parameters depending
on how syslog.conf is set up.

they are executed automatically by pppd when pppd goes up and
down. so if in ip-up you do:

    iptables -t nat -A .... -j MASQUERADE

and then in ip-down you do:

    iptables -t nat -D ... -j MASQUERADE

then the masquerade rule will be added or deleted dynamically,
in realtime, when your ppp connection goes up or down. that's
just for neatness though. you could also just always have that
masquerade rule set up (e.g., by rc.local, or a script called from
rc.local).

you can put the scripts wherever you like. i tend to put my
firewall rules in /usr/local/sbin/firewall-rules
and then just call that from /etc/rc.d/rc.local. i know that
it could just as well be in init.d and be linked into rc.3 and
rc.5, but that's more complex than i want to get. it's just
simpler for me to call firewall-rules from rc.local.

> Thanks

you're welcome. good luck.
tiger
--
Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni*ph tiger*sni*ph
The more you complain, the longer God lets you live.
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
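
Added example, not part of the original message: one way to write the ip-up/ip-down pair discussed above as a single script that also checks ip_forward. The rule arguments the post elides are filled in here as an assumption (POSTROUTING, outgoing interface taken from pppd's first argument), and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Install as /etc/ppp/ip-up.local and
# symlink it to /etc/ppp/ip-down.local; it dispatches on its own name.
# Assumptions: pppd's interface name arrives as $1, the NAT rule is
# "POSTROUTING -o <interface> -j MASQUERADE", and iptables supports -C.
IPTABLES=${IPTABLES:-iptables}
FORWARD_FLAG=${FORWARD_FLAG:-/proc/sys/net/ipv4/ip_forward}

# Accept only plain interface names such as ppp0, so nothing unexpected
# ends up on the iptables command line.
valid_if() { case "$1" in ''|*[!A-Za-z0-9]*) return 1 ;; esac; }

# Add the rule once: -C tests for it first, so a link that flaps
# does not stack duplicate MASQUERADE rules.
masq_up() {
    valid_if "$1" || return 2
    $IPTABLES -t nat -C POSTROUTING -o "$1" -j MASQUERADE 2>/dev/null && return 0
    $IPTABLES -t nat -A POSTROUTING -o "$1" -j MASQUERADE
}

# Remove every copy of the rule, including duplicates left by earlier runs.
masq_down() {
    valid_if "$1" || return 2
    while $IPTABLES -t nat -C POSTROUTING -o "$1" -j MASQUERADE 2>/dev/null; do
        $IPTABLES -t nat -D POSTROUTING -o "$1" -j MASQUERADE || return 1
    done
}

# True only when the kernel is set to route packets between interfaces.
forwarding_on() { [ "$(cat "$FORWARD_FLAG" 2>/dev/null)" = "1" ]; }

case "${0##*/}" in
    ip-up*)
        masq_up "$1" && logger "masquerade added for $1"
        forwarding_on || logger "ip_forward is 0: clients will not be routed" ;;
    ip-down*)
        masq_down "$1" && logger "masquerade removed for $1" ;;
esac
```

Setting IPTABLES="echo iptables" prints the commands instead of running them, which is a quick way to check the script before pppd calls it.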