ginaa
asked on
linux as route
Dear all,
I use Red Hat 7.3 as a private ISP.
The situation is as follows:
1. linux+ADSL pppoe connect internet OK (eth0, ppp0)
2. linux com port + MODEM
3. win98 client dial-up connect OK (ppp1, use private ip 10.10.10.X)
4. after dial-in, linux route has a row for 10.10.10.x
5. linux ip-forward enabled
6. setting no firewall
7. client connect linux OK, but internet fail.
Anything else?
regards
ginaa
ASKER
I mean my win98 client can not connect internet through my linux.
regards
ginaa
You want IP Masquerading, also known as Network Address Translation, or NAT. The functionality is available through any of the three firewall tools.
The quickest method, using IPCHAINS as root:
# modprobe ipchains
# ipchains -A forward -s 10.0.0.0/255.0.0.0 -j MASQ
The single ipchains line above will forward your entire 10.x.x.x subnet through the linux box to the internet. You will also need your DSL to be the default route on the linux box (very important). This makes it easy to set up a "home" or "trusted" network using DHCP grants for the same subnet, so to get internet access, it's literally "plug-n-play" with the network jack. Note that ipchains has some limitations that cause FTP to not work, but there are some modules you can probe for that work around these issues.
It's a little more involved for iptables, but the stateless inspection makes life so much easier...and is nearly rid of any of the issues of ipchains.
ASKER
I followed your instructions.
I got a message:
>> ipchains: protocol not available
What's the problem?
I already checked the ipchains item in the setup/service screen.
regards
ginaa
Sounds like you have iptables, try this:
iptables -t nat -A POSTROUTING -o wan-nic -j MASQUERADE
(where you replace wan-nic by the interface name connected to your ADSL router)
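A more tightly scoped form of the MASQUERADE rule above, as an added example that is not part of the thread: it generates an iptables-restore ruleset that masquerades and forwards only the dial-in subnet out of the uplink, and validates both arguments so they cannot carry extra rule text into the output. The interface ppp0 and subnet 10.10.10.0/24 are assumptions drawn from the asker's description; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values from the asker's setup:
# ppp0 = ADSL uplink, 10.10.10.0/24 = addresses handed to dial-in clients.

valid_iface() {
    # Linux interface names are at most 15 chars; reject whitespace/option-like input.
    case $1 in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_cidr() {
    # Accept only a.b.c.d/len with octets 0-255 and len 0-32.
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    addr=${1%/*}; len=${1#*/}
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

gen_nat_rules() {
    # Prints an iptables-restore ruleset; loading it replaces the nat and filter tables.
    wan=$1; net=$2
    valid_iface "$wan" || { echo "bad interface: $wan" >&2; return 1; }
    valid_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $net -o $wan -j ACCEPT
COMMIT
EOF
}

# Usage as root (file name is hypothetical):
#   sh nat-rules.sh ppp0 10.10.10.0/24 | iptables-restore
if [ $# -eq 2 ]; then gen_nat_rules "$1" "$2"; fi
```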
ASKER
Thanks for the response.
After executing "iptables -t nat -A POSTROUTING -o wan-nic -j MASQUERADE", it works.
But then I rebooted the Linux box, and I cannot dial in anymore.
I got an error msg:
LCP: timeout sending Config-Requests
What's up?
I have two lines in file "pap-secrets", one for linux box ADSL dial-out, the other for client dial-in linux box.
The file "options.ttyS1" is as follows:
auth
+pap
persist
passive
ktune
10.10.11.1:10.10.11.3
Any suggestion?
regards
ginaa
ASKER
Thanks, ahoffmann.
Your iptables command solved my question here,
so I will accept it as the answer.
Not being able to dial in to the Linux box after reboot may be another problem,
or simultaneous dial-in and dial-out should have a special setting.
Maybe I need to create another question.
regards
ginaa
Thank. You're welcome.
what do you mean by that?