Complete.Org: Mailing Lists: Archives: linux-help: September 2000:
[linux-help] Re: name service

To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: name service
From: Tom Hull <thull@xxxxxxxxxxx>
Date: Fri, 22 Sep 2000 15:29:48 -0500
Reply-to: linux-help@xxxxxxxxx

Thanks. Got it working, although what I did was more complicated. In case
this might be useful, e.g. for Monday's presentation, I'll document a bit
of this. I picked up a shell script from:

  http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO-3.html

This includes John's suggested commands, plus a few other things. (I'm
running RedHat 6.1, Linux 2.2.12.) I created a /etc/rc.d/rc.firewall
script, which is basically (using John's example address):

  /sbin/depmod -a                                # rebuild module dependency list
  /sbin/modprobe ip_masq_ftp                     # masquerading helper for active-mode FTP
  echo 1 > /proc/sys/net/ipv4/ip_forward         # turn on IP forwarding between interfaces
  echo 1 > /proc/sys/net/ipv4/ip_always_defrag   # reassemble fragments before filtering/masq
  /sbin/ipchains -M -S 7200 10 160               # masq timeouts: TCP 2h, TCP after FIN 10s, UDP 160s
  /sbin/ipchains -A input -j ACCEPT -i eth1 -s 0/0 67 -d 0/0 68 -p udp   # accept DHCP replies on the external interface
  /sbin/ipchains -P forward DENY                 # default policy: forward nothing
  /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ   # except traffic from the LAN, which is masqueraded

I can't explain all of this, but note that the ipchains/input/ACCEPT
thing was something specific for ADSL/Cablemodem connections which
dish out DHCP addresses.

After putting this into the rc.firewall file, I ran it manually. Then
I appended it to /etc/rc.d/rc.local.

The thing that confused me in the past was that I wasn't able to get
name resolution from the other machines. I was thinking that I'd have
to set up bind on the gateway box, but I just stuck the /etc/resolv.conf
nameserver entries into the other machines, and that worked. I don't
recall how my /etc/resolv.conf got configured -- judging from the date,
it looks like it was written on my last reboot. So my guess was that
the nameservers were provided by DHCP, and that they are at least in
principle volatile, so my current setup could break. Maybe I'll know
better how to do this when it does, or just re-copy the new nameserver
entries.

Anyhow, thanks.

John Alexander wrote:
> 
> Compile/make sure ip-masquerade is compiled into the kernel, then set up
> ipchains to deny all incoming connections, and forward all packets from the
> local network out through ipmasq, something like:
> 
> ipchains -P forward DENY # shuts off the incoming connections
> ipchains -A forward -s 192.168.1.0/24 -j MASQ # all connections out gets sent
> through ipmasq.
> 
> You would obviously change the ip address/subnet mask to your settings.
> These lines are for kernel 2.2, and can be added to the rc.local (that's
> what it is in RH, dunno 'bout deb, it makes my brain hurt) or, you could put
> them in a startup script, but put them in BEFORE you start up the network,
> that way you don't have to worry about somebody sending packets through
> before your firewall is up.
> 
> ja
> 
> -----Original Message-----
> From: tom@xxxxxxxxxxxx [mailto:tom@xxxxxxxxxxxx]On Behalf Of Tom Hull
> Sent: Friday, September 22, 2000 11:16 AM
> To: linux-help@xxxxxxxxx
> Subject: [linux-help] name service
> 
> Quick question, probably old hat for those who have been paying attention:
> 
> I have cable modem hooked into a Linux box, other machines on LAN, and
> want to access cable modem from those machines. All of these machines
> have static addresses (since my LAN is a subset of a larger network that
> I do not manage, therefore cannot run DHCP). The cable addresses are DHCP.
> The Linux box works fine with the cable. What (at a high level) do I have
> to do to the Linux box to get it functioning as a gateway?
> 
> I have lots of doc -- just don't know where to start. Thanks.

-- 
/*
 *  Tom Hull * thull@xxxxxxxxxxx * http://www.ocston.org/~thull/
 */
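The nameserver problem Tom describes (entries written into the gateway's /etc/resolv.conf by the DHCP lease, which may change on the next reboot), as an added example that is not part of this thread: a small POSIX shell script that pulls the nameserver lines out of the gateway's resolv.conf, validates them as dotted-quad IPv4 addresses, and rewrites a LAN host's copy only when they have changed. The file names and sample file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: keep a LAN host's nameserver list in
# step with the lease-written resolv.conf on the gateway.

# Print the nameserver addresses in a resolv.conf-style file, one per line.
# Only well-formed dotted-quad IPv4 addresses are kept; anything else
# (typos, hostnames, octets above 255) is silently skipped.
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        n = split($2, o, "."); ok = 1
        for (i = 1; i <= n; i++) if (o[i] + 0 > 255 || length(o[i]) > 3) ok = 0
        if (ok) print $2
    }' "$1"
}

# Succeed (exit 0) when the nameserver list in the gateway file $2 differs
# from the saved copy $1, or when no saved copy exists yet; fail otherwise.
resolv_changed() {
    [ -f "$1" ] || return 0
    [ "$(resolv_nameservers "$1")" != "$(resolv_nameservers "$2")" ]
}

# Rewrite the LAN host's copy $2: keep its domain/search lines, replace the
# nameserver lines with the validated ones from the gateway file $1.
sync_resolv() {
    tmp=$(mktemp)
    grep -v '^nameserver' "$2" > "$tmp" 2>/dev/null || true
    resolv_nameservers "$1" | sed 's/^/nameserver /' >> "$tmp"
    mv "$tmp" "$2"
}

# Constructed sample data (RFC 5737 documentation addresses), in a temp dir.
demo=$(mktemp -d)
printf 'search example.lan\nnameserver 192.0.2.53\nnameserver bogus\nnameserver 999.1.1.1\nnameserver 198.51.100.53\n' > "$demo/gateway.resolv.conf"
printf 'domain example.lan\nnameserver 10.0.0.53\n' > "$demo/lanhost.resolv.conf"

# Refresh the LAN host's copy only if the gateway's list actually changed.
if resolv_changed "$demo/lanhost.resolv.conf" "$demo/gateway.resolv.conf"; then
    sync_resolv "$demo/gateway.resolv.conf" "$demo/lanhost.resolv.conf"
fi
cat "$demo/lanhost.resolv.conf"
```

Run it from cron on the gateway (with the real paths and a copy mechanism for each LAN host) and the copies get refreshed whenever a new lease hands out different nameservers.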

-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi