Gentoo Archives: gentoo-doc-cvs

From: vapier <vapier@×××××××××××.org>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] cvs commit: home-router-howto.xml
Date: Sun, 14 Aug 2005 04:39:02
Message-Id: 200508140438.j7E4cdv6031041@robin.gentoo.org
1 vapier 05/08/14 04:38:49
2
3 Modified: xml/htdocs/doc/en home-router-howto.xml
4 Log:
5 replace eth0 with $LAN and eth1 with $WAN and rename Debugging section to Troubleshooting #102450 by Arnold Miller
6
7 Revision Changes Path
8 1.30 +35 -27 xml/htdocs/doc/en/home-router-howto.xml
9
10 file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/home-router-howto.xml?rev=1.30&content-type=text/x-cvsweb-markup&cvsroot=gentoo
11 plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/home-router-howto.xml?rev=1.30&content-type=text/plain&cvsroot=gentoo
12 diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/home-router-howto.xml.diff?r1=1.29&r2=1.30&cvsroot=gentoo
13
14 Index: home-router-howto.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v
17 retrieving revision 1.29
18 retrieving revision 1.30
19 diff -u -r1.29 -r1.30
20 --- home-router-howto.xml 4 Aug 2005 00:18:20 -0000 1.29
21 +++ home-router-howto.xml 14 Aug 2005 04:38:48 -0000 1.30
22 @@ -1,5 +1,5 @@
23 <?xml version='1.0' encoding='UTF-8'?>
24 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v 1.29 2005/08/04 00:18:20 vapier Exp $ -->
25 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v 1.30 2005/08/14 04:38:48 vapier Exp $ -->
26 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
27
28 <guide link="/doc/en/home-router-howto.xml">
29 @@ -15,8 +15,8 @@
30 for connecting your home network to the internet.
31 </abstract>
32
33 -<version>1.9</version>
34 -<date>2005-08-03</date>
35 +<version>1.10</version>
36 +<date>2005-08-14</date>
37
38 <chapter>
39 <title>Introduction</title>
40 @@ -206,7 +206,7 @@
41 # <i>nano /etc/conf.d/net</i>
42 <comment>Add an entry for config_eth1 and set it to adsl:</comment>
43 config_eth1=( "adsl" )
44 -# <i>ln -s net.eth0 /etc/init.d/net.eth1</i>
45 +# <i>ln -s net.lo /etc/init.d/net.eth1</i>
46 # <i>rc-update add net.eth1 default</i>
47 # <i>/etc/init.d/net.eth1 start</i>
48 </pre>
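Review bot: the symlink target change from net.eth0 to net.lo is not covered by the log message, which only describes the $LAN/$WAN substitution and the chapter rename; add it to the log (or a sentence to the doc) so the reason is recorded. The relative `ln -s net.lo /etc/init.d/net.eth1` resolves against /etc/init.d, so it works as written; the old form tied net.eth1 to net.eth0 existing first, which the PPPoE instructions never guarantee, so the new target is the right one and the text should say so.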
49 @@ -247,7 +247,7 @@
50 nameserver 123.123.123.123
51
52 <comment>Dynamic and Static Setup:</comment>
53 -# <i>ln -s net.eth0 /etc/init.d/net.eth1</i>
54 +# <i>ln -s net.lo /etc/init.d/net.eth1</i>
55 # <i>rc-update add net.eth1 default</i>
56 # <i>/etc/init.d/net.eth1 start</i>
57 </pre>
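Review bot: the net.eth0 to net.lo target change in the "Dynamic and Static Setup" block is also absent from the log message; since the same substitution is made twice, a single line in the log (or a note in the guide) stating that net.eth1 must link to net.lo rather than to another interface's script would explain both.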
58 @@ -413,24 +413,28 @@
59 # <i>iptables -F</i>
60 # <i>iptables -t nat -F</i>
61
62 +<comment>Copy and paste these examples ...</comment>
63 +# <i>export LAN=eth0</i>
64 +# <i>export WAN=eth1</i>
65 +
66 <comment>Then we lock our services so they only work from the LAN</comment>
67 -# <i>iptables -I INPUT 1 -i eth0 -j ACCEPT</i>
68 +# <i>iptables -I INPUT 1 -i ${LAN} -j ACCEPT</i>
69 # <i>iptables -I INPUT 1 -i lo -j ACCEPT</i>
70 -# <i>iptables -A INPUT -p UDP --dport bootps -i ! eth0 -j REJECT</i>
71 -# <i>iptables -A INPUT -p UDP --dport domain -i ! eth0 -j REJECT</i>
72 +# <i>iptables -A INPUT -p UDP --dport bootps -i ! ${LAN} -j REJECT</i>
73 +# <i>iptables -A INPUT -p UDP --dport domain -i ! ${LAN} -j REJECT</i>
74
75 <comment>(Optional) Allow access to our ssh server from the WAN</comment>
76 -# <i>iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT</i>
77 +# <i>iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT</i>
78
79 <comment>Drop TCP / UDP packets to privileged ports</comment>
80 -# <i>iptables -A INPUT -p TCP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP</i>
81 -# <i>iptables -A INPUT -p UDP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP</i>
82 +# <i>iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP</i>
83 +# <i>iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP</i>
84
85 <comment>Finally we add the rules for NAT</comment>
86 -# <i>iptables -I FORWARD -i eth0 -d 192.168.0.0/255.255.0.0 -j DROP</i>
87 -# <i>iptables -A FORWARD -i eth0 -s 192.168.0.0/255.255.0.0 -j ACCEPT</i>
88 -# <i>iptables -A FORWARD -i eth1 -d 192.168.0.0/255.255.0.0 -j ACCEPT</i>
89 -# <i>iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE</i>
90 +# <i>iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP</i>
91 +# <i>iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT</i>
92 +# <i>iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT</i>
93 +# <i>iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE</i>
94 <comment>Tell the kernel that ip forwarding is OK</comment>
95 # <i>echo 1 > /proc/sys/net/ipv4/ip_forward</i>
96 # <i>for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done</i>
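Review bot: `iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT` admits any WAN-originated packet addressed to the LAN range without a connection-state check, so the only thing keeping unsolicited traffic off internal hosts is that upstream networks do not normally route packets to 192.168.0.0/16; if the intent is to pass only replies to LAN-initiated flows plus the DNAT targets from the port-forwarding section, the comment should say so and the rule is better written as `-m state --state ESTABLISHED,RELATED` with the DNAT'd ports accepted explicitly. The new "Copy and paste these examples ..." comment also trails off: it should tell the reader to set LAN and WAN to their own interface names before pasting (the `export` is unnecessary, since the same shell expands the variables when it runs iptables). Finally, the INPUT rules visible here only DROP `--dport 0:1023` on non-LAN interfaces and nothing in this hunk sets a default policy, so a reader who has not set `-P INPUT DROP` elsewhere still exposes any unprivileged-port listener on ${WAN}.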
97 @@ -486,7 +490,7 @@
98
99 <p>
100 All the port forwarding rules are of the form <c>iptables -t nat -A PREROUTING
101 -[-p protocol] --dport [external port on router] -i eth1 -j DNAT --to [ip/port
102 +[-p protocol] --dport [external port on router] -i ${WAN} -j DNAT --to [ip/port
103 to forward to]</c>. iptables does not accept hostnames when port forwarding.
104 If you are forwarding an external port to the same port on the internal
105 machine, you can omit the destination port. See the iptables(8) page for more
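Review bot: the inline `<c>` template now reads `-i ${WAN}` but nothing in this paragraph says what ${WAN} is; its only definition sits inside the `<pre>` blocks. Add a clause such as "where ${WAN} is the name of your external interface, eth1 in this guide" so the template reads on its own.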
106 @@ -494,29 +498,33 @@
107 </p>
108
109 <pre caption="Running the iptables commands">
110 +<comment>Copy and paste these examples ...</comment>
111 +# <i>export LAN=eth0</i>
112 +# <i>export WAN=eth1</i>
113 +
114 <comment>Forward port 2 to ssh on an internal host</comment>
115 -# <i>iptables -t nat -A PREROUTING -p tcp --dport 2 -i eth1 -j DNAT --to 192.168.0.2:22</i>
116 +# <i>iptables -t nat -A PREROUTING -p tcp --dport 2 -i ${WAN} -j DNAT --to 192.168.0.2:22</i>
117
118 <comment>FTP forwarding to an internal host</comment>
119 -# <i>iptables -t nat -A PREROUTING -p tcp --dport 21 -i eth1 -j DNAT --to 192.168.0.56</i>
120 +# <i>iptables -t nat -A PREROUTING -p tcp --dport 21 -i ${WAN} -j DNAT --to 192.168.0.56</i>
121
122 <comment>HTTP forwarding to an internal host</comment>
123 -# <i>iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to 192.168.0.56</i>
124 +# <i>iptables -t nat -A PREROUTING -p tcp --dport 80 -i ${WAN} -j DNAT --to 192.168.0.56</i>
125
126 <comment>VNC forwarding for internal hosts</comment>
127 -# <i>iptables -t nat -I PREROUTING -p tcp --dport 5900 -i eth1 -j DNAT --to 192.168.0.2</i>
128 -# <i>iptables -t nat -I PREROUTING -p tcp --dport 5901 -i eth1 -j DNAT --to 192.168.0.3:5900</i>
129 +# <i>iptables -t nat -I PREROUTING -p tcp --dport 5900 -i ${WAN} -j DNAT --to 192.168.0.2</i>
130 +# <i>iptables -t nat -I PREROUTING -p tcp --dport 5901 -i ${WAN} -j DNAT --to 192.168.0.3:5900</i>
131 <comment>If you want to VNC in to 192.168.0.3, then just add ':1' to the router's hostname</comment>
132
133 <comment>Bittorrent forwarding</comment>
134 -# <i>iptables -t nat -A PREROUTING -p tcp --dport 6881:6889 -i eth1 -j DNAT --to 192.168.0.2</i>
135 +# <i>iptables -t nat -A PREROUTING -p tcp --dport 6881:6889 -i ${WAN} -j DNAT --to 192.168.0.2</i>
136
137 <comment>Game Cube Warp Pipe support</comment>
138 -# <i>iptables -t nat -A PREROUTING -p udp --dport 4000 -i eth1 -j DNAT --to 192.168.0.56</i>
139 +# <i>iptables -t nat -A PREROUTING -p udp --dport 4000 -i ${WAN} -j DNAT --to 192.168.0.56</i>
140
141 <comment>Playstation2 Online support</comment>
142 -# <i>iptables -t nat -A PREROUTING -p tcp --dport 10070:10080 -i eth1 -j DNAT --to 192.168.0.11</i>
143 -# <i>iptables -t nat -A PREROUTING -p udp --dport 10070:10080 -i eth1 -j DNAT --to 192.168.0.11</i>
144 +# <i>iptables -t nat -A PREROUTING -p tcp --dport 10070:10080 -i ${WAN} -j DNAT --to 192.168.0.11</i>
145 +# <i>iptables -t nat -A PREROUTING -p udp --dport 10070:10080 -i ${WAN} -j DNAT --to 192.168.0.11</i>
146 </pre>
147
148 <note>
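Review bot: `export LAN=eth0` is added to this block but ${LAN} is never used in it (every PREROUTING rule references ${WAN} only), so either drop that line here or state that the pair is repeated from the firewall section so both values stay consistent. As in the firewall block, the "Copy and paste these examples ..." comment should spell out that eth0 and eth1 are placeholders for the reader's own interface names. The two VNC rules use `-t nat -I PREROUTING` while every other rule uses `-A`; ordering is irrelevant for disjoint ports, but mixing insert and append in one copy-paste block invites confusion and one form should be used throughout.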
149 @@ -760,7 +768,7 @@
150 # <i>emerge qmail</i>
151 <comment>make sure the output of `hostname` is correct</comment>
152 # <i>ebuild /var/db/pkg/*-*/qmail-1.03-r*/*.ebuild config</i>
153 -# <i>iptables -I INPUT -p tcp --dport smtp -i ! eth0 -j REJECT</i>
154 +# <i>iptables -I INPUT -p tcp --dport smtp -i ! ${LAN} -j REJECT</i>
155 # <i>ln -s /var/qmail/supervise/qmail-send /service/qmail-send</i>
156 # <i>ln -s /var/qmail/supervise/qmail-smtpd /service/qmail-smtpd</i>
157 <!--
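Review bot: this block uses `-i ! ${LAN}` but, unlike the firewall and port-forwarding blocks, does not set LAN first; a reader typing it into a fresh shell gets an empty expansion and an iptables command with no interface argument, which does not filter SMTP as intended. Either repeat the `export LAN=eth0` line in this `<pre>` or say explicitly that it assumes the variable from the firewall section.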
158 @@ -811,7 +819,7 @@
159 </chapter>
160
161 <chapter>
162 -<title>Debugging</title>
163 +<title>Troubleshooting</title>
164
165 <section>
166 <title>Useful Tools</title>
167
168
169
170 --
171 gentoo-doc-cvs@g.o mailing list