Gentoo Archives: gentoo-user

From: Hans-Werner Hilse <hilse@×××.de>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Need help with routing
Date: Tue, 11 Sep 2007 18:37:32
Message-Id: 20070911202150.4a86018f.hilse@web.de
In Reply to: Re: [gentoo-user] Need help with routing by Florian Philipp
Hi,

On Tue, 11 Sep 2007 18:50:52 +0200 Florian Philipp
<f.philipp@××××××.de> wrote:

> > My suggestion for a proper setup would be
> >
> > $ iptables -F FORWARD
> > $ iptables -P FORWARD DROP
> > $ iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> > $ iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> > ...plus rules allowing for forwarding designated ports, if any
> >
> > You'll certainly want to keep this:
> > $ iptables -A POSTROUTING -o ppp0 -j MASQUERADE
> > in place, too.
> >
> > Note that this trusts any box connecting via eth0, not just a single
> > client.
> [...]
> When I try to apply the rules you've posted I get:
>
> $ iptables -A FORWARD -i eth0 -o ppp0 -m state --state \
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
> iptables: No chain/target/match by that name

Hm, you do not seem to have your kernel configured for connection state
matching.

Just start with basic rules:
$ iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
$ iptables -A FORWARD -o eth0 -i ppp0 -j ACCEPT

(instead of the "iptables -A" settings mentioned before)

But note that those would potentially allow inbound connections to get
routed to any desired machine (desired by the party outside your
network, that is). So make sure that either such requests aren't
getting forwarded to your router (and this is most probably already the
case for your setup -- DSL or cable, I guess?) or your LAN doesn't care
(i.e. is secured). Most PPP endpoints, however, would drop such traffic
anyway, so you should be secure if you trust your provider.

Basically I think this is what the Gentoo wiki guide *intended* to do.

-hwh
--
gentoo-user@g.o mailing list
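
The difference between the two FORWARD rule sets discussed in this message, as an added example that is not part of the original post: a simplified Python model of the chain (not netfilter itself) run over three constructed packets. The class and function names, addresses and ports are assumptions made for illustration, and NAT is ignored.

```python
# Added example: simplified model of the FORWARD chain, not netfilter itself.
# NAT is ignored; all addresses and ports below are constructed sample values.
ANY = None  # the rule carries no "-m state" match

# (in interface, out interface, accepted connection states)
STATEFUL = [("eth0", "ppp0", {"NEW", "ESTABLISHED", "RELATED"}),
            ("ppp0", "eth0", {"ESTABLISHED", "RELATED"})]
STATELESS = [("eth0", "ppp0", ANY),
             ("ppp0", "eth0", ANY)]


class Forwarder:
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # stand-in for the conntrack table

    def forward(self, in_if, out_if, src, dst):
        # src and dst are (address, port) tuples
        seen = {(src, dst), (dst, src)} & self.flows
        state = "ESTABLISHED" if seen else "NEW"
        for r_in, r_out, states in self.rules:
            if (in_if, out_if) == (r_in, r_out) and (states is ANY or state in states):
                self.flows.add((src, dst))
                return "ACCEPT"
        return "DROP"  # chain policy: iptables -P FORWARD DROP


def verdicts(rules):
    fw = Forwarder(rules)
    lan = ("192.168.0.10", 40000)
    web = ("203.0.113.5", 80)
    outside = ("198.51.100.7", 51000)
    return [
        fw.forward("eth0", "ppp0", lan, web),   # LAN client opens a connection
        fw.forward("ppp0", "eth0", web, lan),   # reply to that connection
        fw.forward("ppp0", "eth0", outside, ("192.168.0.10", 22)),  # unsolicited inbound
    ]


if __name__ == "__main__":
    for name, rules in (("stateful", STATEFUL), ("stateless", STATELESS)):
        print(name, verdicts(rules))
```

Only the third packet is treated differently: the state-matching rules leave it to the DROP policy, while the basic rules forward it into the LAN.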

Replies

Subject Author
Re: [gentoo-user] Need help with routing Florian Philipp <f.philipp@××××××.de>