[lug] PPP server is driving me nuts!
Deva Samartha
YTAFTDJAHCWS at spammotel.com
Tue Oct 10 21:30:44 MDT 2000
>My understanding is that you do both the ip_forward and the masquerading
>in the firewall. It is how I have done it and seen it done (limited to
>two cases, mind you).
>FWIW
>Hugh
That's true, if the machine has a firewall. But in my case, the firewall is
a separate machine and the ppp server I am playing with is on the safe side
of the firewall machine on the LAN but has no firewall as such.
The firewall machine does MASQ, filtering, logging, portsentry and all the
good stuff.
Now, the only way I was able to get it to run is by having the ppp server
doing MASQ.
So, coming in from the ppp dialup to the ppp server, the ppp server masq's
it once, then it goes out to the firewall machine to the DSL router and the
firewall machine masq's it the second time - which I think is not necessary.
First I thought it was a routing problem - but apparently, the pppd goes
about routing in some way and needs (according to the query results I got
from the net) ip_forward to pipe it through the default gateway.
In general, with one machine as ppp server and outgoing gateway it's done
with masq and ip_forwarding.
Maybe there is a way of doing an ipchains command that just does ip_forward
instead of -j MASQ, but I don't know enough about it.
Samartha