On Fri, 2 Apr 2004, Amanda wrote:

> I'm setting up an SME server as server & gateway. It has 2 ethernet
> cards, eth0 (192.168.0.210) to the local network, eth1 (10.0.0.3) to the
> adsl modem (10.0.0.1).
> 
> From a machine on the Lan, I can access the internet just fine.
> 
> On the SME server, I'm running pptp client to establish a tunnel into the
> company's Windows 2000 VPN server. This also works fine. (I'm running rsync &
> mysql replication over it).
> 
> How do I add a route so local users on the lan can see machines on the lan at
> head office? I can see them just fine from the SME server.
> 
> route add -net 10.0.0.150 netmask 255.255.255.255 dev ppp0
> 
> 10.0.0.150 being an intranet web server on the company's lan. This is the
> machine I'm rsyncing & replicating against.
> 
> I can ping 10.0.0.150 from the SME server, but not from my machine on the Lan.

OK, sounds like it might be a NAT problem, i.e. workstation IPs are being
NAT'ed for the internet regardless of destination. If that's the case then
tightening up the rules to be more specific will help.

e.g.
iptables -t nat -A POSTROUTING -o eth1 -d ! 10.0.0.0/24 -j MASQUERADE

AND/OR it could be the lack of NAT and therefore the lack of a return path
from the corporate LAN, i.e. packets get from 192.168.0.x to 10.0.0.150 but
can't get back. The server works because effectively the pptp server
endpoint has proxy-arp'ed it (whatever that translates to in Windows
speak).

iptables -t nat -A POSTROUTING -o ppp0 -d 10.0.0.0/24 -j MASQUERADE
or probably just
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

In each case this stuff should be added to the templates so it is
preserved after reboot. /etc/e-smith/templates-custom/etc/init.d/firewall/
or something like that from memory, then
/sbin/e-smith/expand-templates /etc/init.d/firewall (again from memory).

-- 
---<GRiP>---
Electronic Hobbyist, Former Arcadia BBS nut, Occasional nudist, 
Linux Guru, SLUG Secretary, AUUG and Linux Australia member, Sydney 
Flashmobber, BMX rider, Walker, Raver & rave music lover, Big kid that 
refuses to grow up. I'd make a good family pet, take me home today!
        Do people actually read these things?


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
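
The return-path reasoning in the reply above can be checked with a small model of the gateway's route selection and POSTROUTING rules. This is an added example, not part of the original thread; the workstation address, the ppp0 tunnel address, the /24 on eth1 and the default route are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed sample values (not from the thread): workstation and ppp0 tunnel address.
WORKSTATION = "192.168.0.50"
IFACE_ADDR = {"eth0": "192.168.0.210", "eth1": "10.0.0.3", "ppp0": "10.0.0.77"}

# Gateway routes inferred from the thread (netmasks and default route are assumptions).
ROUTES = [("192.168.0.0/24", "eth0"), ("10.0.0.0/24", "eth1"),
          ("10.0.0.150/32", "ppp0"), ("0.0.0.0/0", "eth1")]

def egress(dst):
    """Longest-prefix match, as the kernel does when picking a route."""
    hits = [(ip.ip_network(n), dev) for n, dev in ROUTES
            if ip.ip_address(dst) in ip.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def postrouting(src, dst, rules):
    """Return (out interface, source address seen on the wire).

    Each rule is (out_iface, dst_net, negate). The first matching rule
    masquerades: the source becomes the out interface's own address.
    """
    dev = egress(dst)
    for out, net, negate in rules:
        in_net = net is None or ip.ip_address(dst) in ip.ip_network(net)
        if out == dev and in_net != negate:
            return dev, IFACE_ADDR[dev]
    return dev, src

def head_office_can_reply(wire_src):
    """Assumption: head office only has a route back to the tunnel address."""
    return wire_src == IFACE_ADDR["ppp0"]

# The rules suggested in the reply, as (out_iface, dst_net, negate) tuples.
INTERNET_ONLY = [("eth1", "10.0.0.0/24", True)]       # -o eth1 -d ! 10.0.0.0/24
TUNNEL_NAT = INTERNET_ONLY + [("ppp0", None, False)]  # plus -o ppp0 -j MASQUERADE

if __name__ == "__main__":
    for name, rules in (("internet-only NAT", INTERNET_ONLY),
                        ("with ppp0 NAT", TUNNEL_NAT)):
        dev, src = postrouting(WORKSTATION, "10.0.0.150", rules)
        print(f"{name}: out {dev}, source {src}, "
              f"reply possible: {head_office_can_reply(src)}")
```

On the real gateway, `tcpdump -ni ppp0 host 10.0.0.150` while pinging from a workstation shows the same thing: the source address on the wire tells you whether the masquerade rule matched.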
