Barry L. Kline wrote:

>> I leave my firewall and masquerading rules in place
>> permanently, and let pppd handle route changes dynamically with the
>> defaultroute option.  Is your setup too complex for that to work for
>> you (e.g., you don't want all clients to have access to ppp0)?
>>
>
>I thought I'd need the IP
>address of PPP0 for the firewall and masq to work correctly.

No, for masquerading, you only need to specify the source network,
which is internal and therefore known:

/sbin/ipchains -A forward -s 192.168.1.0/16 -j MASQ

And your firewall rules may specify the ppp0 interface for inbound
packets, so you don't need to know your current IP.  For example:

/sbin/ipchains -A input -i ppp0 -p tcp ! -y -j ACCEPT

(That accepts everything from ppp0 except syns.)

I probably can't help you with pppd configuration if you're using
Linuxconf, wvdial, or some other front end, because I write my own
scripts.  pppd normally looks for an "options" file in /etc/ppp, and
if you add "defaultroute" to that file, it'll handle the routing
change for you when the interface comes up.  I have, however, had
trouble with this if I have a default gateway hardcoded in
/etc/sysconfig/network, so you may have to get rid of that.  Look for
a message in syslog that says "Not replacing default route ...", or
something to that effect, to know if you have this problem.

I'm sure you probably know this too, but ipchains rules work on a
first-rule-matches scheme, so you may run into trouble if you delete
and re-add rules dynamically and you're not careful about the order in
which they get inserted.

-d

-- 
David Talkington
http://www.spotnet.org

PGP key: http://www.prairienet.org/~dtalk/dt000823.asc

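The first-rule-matches caveat above, as an added example that is not part of the original message: a small Python model (not ipchains itself) that evaluates the ACCEPT rule from the message and a constructed catch-all DENY rule in both insertion orders. The DENY rule, the sample packets, the default policy, and all function names are assumptions made for illustration.

```python
import shlex

OPTS = {"-A": "chain", "-i": "iface", "-p": "proto", "-j": "target"}

def parse_rule(line):
    """Parse the subset of ipchains syntax used here: -A, -i, -p, [!] -y, -j."""
    rule = {"chain": None, "iface": None, "proto": None, "syn": None, "target": None}
    toks = shlex.split(line)[1:]          # drop the ipchains binary itself
    negate = False
    while toks:
        t = toks.pop(0)
        if t == "!":
            negate = True
        elif t == "-y":                   # -y matches SYNs, "! -y" everything else
            rule["syn"], negate = (not negate), False
        elif t in OPTS:
            rule[OPTS[t]] = toks.pop(0)
        else:
            raise ValueError("unsupported token: " + t)
    return rule

def verdict(rules, pkt, chain="input", policy="DENY"):
    """Return the target of the first matching rule, else the chain policy."""
    for r in rules:
        if r["chain"] == chain and all(
                r[k] is None or r[k] == pkt[k] for k in ("iface", "proto", "syn")):
            return r["target"]
    return policy                         # assumed policy; never reached below

ACCEPT_NON_SYN = "/sbin/ipchains -A input -i ppp0 -p tcp ! -y -j ACCEPT"  # from the message
DENY_PPP0 = "/sbin/ipchains -A input -i ppp0 -j DENY"   # constructed catch-all

REPLY = {"iface": "ppp0", "proto": "tcp", "syn": False}   # constructed packets
NEW_CONN = {"iface": "ppp0", "proto": "tcp", "syn": True}

def compare_orders():
    """Evaluate both packets with ACCEPT first, then with DENY first."""
    accept_first = [parse_rule(ACCEPT_NON_SYN), parse_rule(DENY_PPP0)]
    deny_first = accept_first[::-1]
    return {name: (verdict(rs, REPLY), verdict(rs, NEW_CONN))
            for name, rs in (("accept_first", accept_first), ("deny_first", deny_first))}

if __name__ == "__main__":
    print(compare_orders())
```

With the ACCEPT rule first, reply traffic on ppp0 is accepted and new inbound connections are denied; with the same two rules in the opposite order, the reply traffic is denied as well.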