| 1 |
>>I have been having trouble forwarding packets using iptables on my |
| 2 |
>>Gentoo box. I am no iptables expert. |
| 3 |
>> |
| 4 |
>>I connect to the internet using rp-pppoe. I use firestarter for |
| 5 |
>>firewalling. Yesterday I installed VMware and chose host only |
| 6 |
>>networking between the VMs. vmnet0 was bound to 192.168.128.1 and the |
| 7 |
>>rest of the subnet being 192.168.128.0/24. |
| 8 |
>> |
| 9 |
>>As should be obvious by now, I need to forward packets from ppp0 to |
| 10 |
>>vmnet0 and allow outbound packets as well. |
| 11 |
> |
| 12 |
> Add |
| 13 |
> net.ipv4.conf.all.forwarding = 1 |
| 14 |
> to |
| 15 |
> /etc/sysctl.conf |
| 16 |
> and apply the setting by issuing |
| 17 |
> sysctl -p |
| 18 |
> as root. |
| 19 |
> |
| 20 |
> Issue the command: |
| 21 |
> iptables -t nat -A POSTROUTING \ |
| 22 |
> -o ppp0 \ |
| 23 |
> --source 192.168.128.0/24 \ |
| 24 |
> -j MASQUERADE |
| 25 |
> also as root. |
| 26 |
> |
| 27 |
> You may also want to issue: |
| 28 |
> iptables -t mangle -A OUTPUT \ |
| 29 |
> -p tcp \ |
| 30 |
> --tcp-flags SYN,RST SYN \ |
| 31 |
> -j TCPMSS --clamp-mss-to-pmtu |
| 32 |
> and possibly |
| 33 |
> iptables -t mangle -A OUTPUT \ |
| 34 |
> -p tcp \ |
| 35 |
> --tcp-flags SYN,RST SYN \ |
| 36 |
> -j TCPMSS --clamp-mss-to-pmtu |
| 37 |
> as root to help control packet fragmentation. |
| 38 |
> |
| 39 |
> I believe the iptables init script should handle saving/restoring these |
| 40 |
> rules on reboot. |
| 41 |
> |
| 42 |
> I have NO IDEA how to add these iptables rules to firestarter. |
| 43 |
|
| 44 |
You may also try to uncomment CLAMPMSS=1412 in /etc/ppp/pppoe.conf |
| 45 |
instead to see if this works with firestarter |
| 46 |
connection sharing settings. |
| 47 |
And you may try shorewall on your gateway/router |
| 48 |
as an alternative to firestarter. |
| 49 |
|
| 50 |
HTH, |
| 51 |
Sasha |
| 52 |
|
| 53 |
-- |
| 54 |
gentoo-user@g.o mailing list |
Archives