Hi,

On Tue, 16 Jan 2007 00:30:30 +0100
"Daniel Pielmeier" <daniel.pielmeier@××××××××××.com> wrote:

> > - is forwarding actually really enabled? Just "cat" the
> > relevant /proc/sys/net/ipv4/ip_forward.
>
> cat /proc/sys/net/ipv4/ip_forward
> returns 1
>
> > So remaining things to check would be
> > - where do packets do what? Use "tcpdump" on the router to monitor
> > how packets flow. Don't cite all the output, but look at where
> > packets are coming and going. Two terminals with "tcpdump -i eth0"
> > and "tcpdump -i ppp0" would tell you that. Send a few pings from the
> > desktop to the internet. Also try pinging an IP from the desktop, not
> > just hostnames (to rule out nameserver borkage).
>
> Here is what tcpdump returns!
> [...]

That's what I wanted to avoid with asking for not citing everything :-)

But everything looks quite normal, except for that packets aren't
routed. So it's up to somebody else to tell exactly what that "policy"
module in iptables does -- and how. I don't have answers left here --
except for the case that a manual iptables setup is sufficient.

Personally, I'm quite happy with

$ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$ iptables -A FORWARD -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$ iptables -A FORWARD -i ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

for the forwarding. All that fancy-schmanzy stuff that shorewall does
isn't in there, granted.

-hwh
--
gentoo-user@g.o mailing list
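
An added example, not part of the original message: a read-only check of an iptables-save dump for the manual setup described above (masquerading on the WAN interface, the FORWARD chain policy, and FORWARD rules that accept NEW connections arriving on the WAN interface). The function names and the sample dump are assumptions; the dump is constructed and assumes the default FORWARD policy.

```shell
#!/bin/sh
# Audit an iptables-save dump read from stdin. $1 is the WAN interface name.
audit_forwarding() {
    awk -v wan="$1" '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }  # "*nat", "*filter"
        table == "filter" && /^:FORWARD / { policy = $2 }        # chain policy line
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) == wan) masq = 1
        }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            in_wan = 0; states = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i" && $(i + 1) == wan) in_wan = 1
                if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
            }
            # A rule without any state match also lets NEW connections through.
            if (in_wan && (states == "" || ("," states ",") ~ /,NEW,/)) wan_new++
        }
        END {
            printf "masquerade=%s forward_policy=%s wan_new_accept=%d\n",
                   (masq ? "yes" : "no"), (policy ? policy : "unknown"), wan_new + 0
        }'
}

# Constructed sample: roughly what the three commands above would leave behind
# on a box whose chains were otherwise empty (policies at their ACCEPT default).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

On the router the input would come from `iptables-save | audit_forwarding ppp0`. A forward_policy of ACCEPT means the appended ACCEPT rules restrict nothing, and a non-zero wan_new_accept means connections initiated from ppp0 are accepted for forwarding.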