Re: Linux(2.4.x) and masqeurating
- To: linux-il(at-nospam)linux.org.il
- Subject: Re: Linux(2.4.x) and masqeurating
- From: Avishay Aton <cgadsl6(at-nospam)netvision.net.il>
- Date: Fri, 16 Nov 2001 22:16:20 +0200
- Delivered-To: linux.org.il-linux-il@linux.org.il
- Disposition-notification-to: cgadsl6@netvision.net.il
- References: <Pine.GSO.4.33.0111162200560.20999-100000@techunix.technion.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Sure, I will send a detailed howto for FreeBSD in a week;
for OpenBSD it will take 2 weeks.
Thanks
Avishay
----- Original Message -----
From: "Dani Arbel" <darbel@techunix.technion.ac.il>
To: "Avishay Aton" <cgadsl6@netvision.net.il>
Sent: Friday, November 16, 2001 10:02 PM
Subject: Re: Linux(2.4.x) and masqeurating
> Avishai,
> If you have ADSL running on FreeBSD, it would be nice if you send us the
> relevant info so we can add support for it in our Linux ADSL howto.
> Thanks,
> Dani
>
> On Fri, 16 Nov 2001, Avishay Aton wrote:
>
> > GREAT, this was the problem. I have inserted the following rule in the FORWARD
> > chain and it works:
> > iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> >
> > all i have to do is changing tcpmss in ipfilter on FreeBSD.
> >
> > Thanks
> > ----- Original Message -----
> > From: "Dani Arbel" <darbel@techunix.technion.ac.il>
> > To: "Avishay Aton" <cgadsl6@netvision.net.il>
> > Sent: Friday, November 16, 2001 9:44 PM
> > Subject: Re: Linux(2.4.x) and masqeurating
> >
> >
> > > Avishai,
> > > You are probably a victim of blackholing. Go to:
> > > http://damyen.technion.ac.il/~dani/
> > > read about the ADSL MTU issue, and see in the iptables example there the
> > > line with tcp_mss that you should add to your script.
> > > Dani
> > >
> > > On Fri, 16 Nov 2001, Avishay Aton wrote:
> > >
> > > > I didn't enable ECN on my last kernel compilation (2.4.14).
> > > > My configuration:
> > > > uname -a
> > > > Linux rasta 2.4.14-ext3 #1 Fri Nov 16 19:35:20 IST 2001 i686 unknown
> > > >
> > > >
> > > > [root@rasta root]# ifconfig
> > > > eth0 Link encap:Ethernet HWaddr 00:50:DA:1C:76:6B
> > > > inet addr:10.0.0.140 Bcast:10.255.255.255 Mask:255.0.0.0
> > > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > > > RX packets:702 errors:1 dropped:0 overruns:0 frame:2
> > > > TX packets:1001 errors:0 dropped:0 overruns:0 carrier:0
> > > > collisions:2 txqueuelen:100
> > > > RX bytes:149791 (146.2 Kb) TX bytes:121058 (118.2 Kb)
> > > > Interrupt:9 Base address:0x1400
> > > >
> > > > eth1 Link encap:Ethernet HWaddr 00:A0:C9:B0:0D:43
> > > > inet addr:10.0.0.141 Bcast:10.255.255.255 Mask:255.0.0.0
> > > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > > > RX packets:90 errors:0 dropped:0 overruns:0 frame:0
> > > > TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
> > > > collisions:0 txqueuelen:100
> > > > RX bytes:10178 (9.9 Kb) TX bytes:3007 (2.9 Kb)
> > > > Interrupt:10
> > > >
> > > > lo Link encap:Local Loopback
> > > > inet addr:127.0.0.1 Mask:255.0.0.0
> > > > UP LOOPBACK RUNNING MTU:16436 Metric:1
> > > > RX packets:37 errors:0 dropped:0 overruns:0 frame:0
> > > > TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
> > > > collisions:0 txqueuelen:0
> > > > RX bytes:2176 (2.1 Kb) TX bytes:2176 (2.1 Kb)
> > > >
> > > > ppp0 Link encap:Point-to-Point Protocol
> > > > inet addr:212.143.40.233 P-t-P:212.143.32.1 Mask:255.255.255.255
> > > > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1452 Metric:1
> > > > RX packets:198 errors:0 dropped:0 overruns:0 frame:0
> > > > TX packets:205 errors:0 dropped:0 overruns:0 carrier:0
> > > > collisions:0 txqueuelen:3
> > > > RX bytes:90908 (88.7 Kb) TX bytes:26131 (25.5 Kb)
> > > >
> > > >
> > > >
> > > > and Finally my rules
> > > >
> > > >
> > > > [root@rasta root]# cat fw.rules
> > > > #!/bin/sh
> > > > ## open up pptp connection
> > > > echo "Connecting to the net"
> > > > /usr/bin/pptp 10.0.0.138
> > > > sleep 3
> > > > if ifconfig | grep -q "ppp"
> > > > then
> > > > echo "looking good,now let's secure our connection!"
> > > >
> > > > ## initialize iptables
> > > > echo "Firewall initialization"
> > > >
> > > > modprobe ipt_state || exit 1
> > > > modprobe iptable_nat || exit 1
> > > > modprobe ip_conntrack_ftp || exit 1
> > > > modprobe ipt_LOG || exit 1
> > > >
> > > > ## user chain: accept replies to existing connections and new
> > > > ## connections that did not arrive on ppp0; drop everything else
> > > > iptables -N block
> > > > iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > > iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
> > > > iptables -A block -j DROP
> > > > iptables -A INPUT -j block
> > > > iptables -A FORWARD -j block
> > > >
> > > > echo "Now for NAT - only MASQUERADING!!"
> > > > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> > > > echo "iptables is up `date`"
> > > > fi
> > > >
> > > > The end
> > > > Thanks
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Dani Arbel" <darbel@techunix.technion.ac.il>
> > > > To: "Avishay Aton" <cgadsl6@netvision.net.il>
> > > > Cc: <linux-il@linux.org.il>
> > > > Sent: Friday, November 16, 2001 6:54 PM
> > > > Subject: Re: Linux(2.4.x) and masqeurating
> > > >
> > > >
> > > > > Avisay,
> > > > > 1) send a complete list of your rules + ifconfig output
> > > > > 2) what is secure remote?
> > > > > 3) when you fail to connect somewhere, there should be a message in the
> > > > > log containing the dropped packet description (unless you have not put log
> > > > > rules). That can help in catching the problem.
> > > > >
> > > > >
> > > > > On Fri, 16 Nov 2001, Avishay Aton wrote:
> > > > >
> > > > > > Hi,
> > > > > > I connect to the net with pptp + adsl, and I use nat on my linux
> > > > > > box (2.4.x) for other computers on my private network.
> > > > > > My nat rule is a simple one:
> > > > > >
> > > > > > modprobe iptable_nat
> > > > > > modprobe ip_conntrack_ftp
> > > > > > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> > > > > >
> > > > > >
> > > > > > I can get most of the sites, but for example www.linuxtoday.com doesn't
> > > > > > work for me.
> > > > > > Also, the imap client sometimes works, sometimes doesn't.
> > > > > > And finally "secure remote"?! Anyone succeeded to connect with nat +
> > > > > > FWZ?
> > > > > > Thanks
> > > > > > Avishay
> > > > > >
> > > > >
> > > > >
> > > > > =================================================================
> > > > > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > > echo unsubscribe | mail linux-il-request@linux.org.il
> > > > >
> > > > >
> > > >
> > >
> > >
> >
>
>
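Added worked example, not part of the thread above and not from Dani's howto: a small Python model of what the TCPMSS rule that fixed Avishay's problem actually does. It shows the iptables --tcp-flags MASK COMP match semantics (why "SYN,RST SYN" selects both the SYN and the SYN/ACK of a handshake but not an RST), the MSS that fits the ppp0 MTU of 1452 from the ifconfig output, and the PMTU blackholing condition that produces "some sites hang" when a 1500-byte segment with DF set meets a 1452-byte link and the ICMP reply is lost. All function names are my own; the flag values and header sizes are the standard IPv4/TCP ones.

```python
"""Model of iptables MSS clamping and PMTU blackholing (added example).

Standalone: no iptables or root needed. Function names are assumptions
made for this illustration, not iptables APIs.
"""

# TCP flag bits in the TCP header flags byte (RFC 793 layout)
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20}

IPV4_HEADER = 20   # bytes, without options
TCP_HEADER = 20    # bytes, without options


def flags_value(names):
    """Turn an iptables flag list such as 'SYN,RST' into a bitmask."""
    if names == "NONE":
        return 0
    if names == "ALL":
        return sum(TCP_FLAGS.values())
    return sum(TCP_FLAGS[n] for n in names.split(","))


def tcp_flags_match(packet_flags, mask, comp):
    """iptables '--tcp-flags MASK COMP': look only at the bits in MASK and
    require exactly the bits in COMP to be set among them.

    With MASK=SYN,RST and COMP=SYN this matches SYN and SYN/ACK segments
    (RST clear, SYN set), so both ends of a handshake get clamped."""
    return (packet_flags & flags_value(mask)) == flags_value(comp)


def mss_for_mtu(mtu):
    """Largest TCP payload that fits in one IPv4 packet on a link with this MTU."""
    return mtu - IPV4_HEADER - TCP_HEADER


def clamp_mss(advertised_mss, outgoing_mtu):
    """What '-j TCPMSS --clamp-mss-to-pmtu' does to the MSS option of a
    matching SYN: lower it so a full segment fits the outgoing MTU; an
    already smaller MSS is left alone."""
    return min(advertised_mss, mss_for_mtu(outgoing_mtu))


def is_blackholed(segment_bytes, link_mtu, df_set, icmp_reaches_sender):
    """PMTU blackhole: an oversized segment with DF set is dropped at the
    small-MTU hop, and the sender only learns about it if the ICMP
    'fragmentation needed' message gets back. A firewall that silently
    drops that ICMP turns the drop into a hung connection (the thread's
    symptom: some sites load, large responses stall)."""
    if segment_bytes <= link_mtu:
        return False            # fits, nothing to fragment
    if not df_set:
        return False            # router fragments instead
    return not icmp_reaches_sender


if __name__ == "__main__":
    # Constructed values taken from the symptoms in the thread: ethernet
    # hosts assume MSS 1460 (MTU 1500), ppp0 has MTU 1452.
    print("MSS fitting ppp0 MTU 1452:", mss_for_mtu(1452))
    print("SYN with MSS 1460 clamped to:", clamp_mss(1460, 1452))
    for name, flags in (("SYN", 0x02), ("SYN/ACK", 0x12), ("SYN/RST", 0x06), ("ACK", 0x10)):
        print(f"{name:8} matches '--tcp-flags SYN,RST SYN':",
              tcp_flags_match(flags, "SYN,RST", "SYN"))
    print("1500-byte DF segment, ICMP filtered -> blackholed:",
          is_blackholed(1500, 1452, True, False))
```

The point to take from the tcp_flags_match output is that the clamp is applied at connection setup only; established segments never match, so the rule costs nothing once the handshake is done.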