| 1 |
Hi, |
| 2 |
|
| 3 |
On Tue, 16 Jan 2007 00:30:30 +0100 |
| 4 |
"Daniel Pielmeier" <daniel.pielmeier@××××××××××.com> wrote: |
| 5 |
|
| 6 |
> > - is forwarding actually really enabled? Just "cat" the |
| 7 |
> > relevant /proc/sys/net/ipv4/ip_forward. |
| 8 |
> |
| 9 |
> cat /proc/sys/net/ipv4/ip_forward |
| 10 |
> returns 1 |
| 11 |
> |
| 12 |
> > So remaining things to check would be |
| 13 |
> > - where do packets do what? Use "tcpdump" on the router to monitor |
| 14 |
> > how packets flow. Don't cite all the output, but look at where |
| 15 |
> > packets are coming and going. Two terminals with "tcpdump -i eth0" |
| 16 |
> > and "tcpdump -i ppp0" would tell you that. Send a few pings from the |
| 17 |
> > desktop to the internet. Also try pinging an IP from the desktop, not |
| 18 |
> > just hostnames (to rule out nameserver borkage). |
| 19 |
> |
| 20 |
> Here is what tcdump returns! |
| 21 |
> [...] |
| 22 |
|
| 23 |
That's what I wanted to avoid with asking for not citing everything :-) |
| 24 |
|
| 25 |
But everything looks quite normal, except for that packets aren't |
| 26 |
routed. So its up to somebody else to tell exactly what that "policy" |
| 27 |
module in iptables does -- and how. I don't have answers left here -- |
| 28 |
except for the case that a manual iptables setup is sufficient. |
| 29 |
|
| 30 |
Personally, I'm quite happy with |
| 31 |
|
| 32 |
$ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE |
| 33 |
$ iptables -A FORWARD -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT |
| 34 |
$ iptables -A FORWARD -i ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT |
| 35 |
|
| 36 |
for the forwarding. All that fancy-schmanzy stuff that shorewall does |
| 37 |
isn't in there, granted. |
| 38 |
|
| 39 |
-hwh |
| 40 |
-- |
| 41 |
gentoo-user@g.o mailing list |
Archives