Iptables and isdn connection
Gelpi Andrea
gelpi@corona.it
Mon, 30 Jul 2001 11:42:31 +0200
RH 7.1 comes with kernel 2.4.2-2.
On the Red Hat server there is an rpm for kernel 2.4.3.
I'm thinking of trying it.
In my system the command
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
is included in /etc/rc3.d/S08isdn
Thank you
Gelpi ing. Andrea
---------------------------------------------------------------
"It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here."
---------------------------------------------------------------
> -----Original Message-----
> From: Brad Chapman [mailto:kakadu@earthlink.net]
> Sent: Saturday 28 July 2001 15.21
> To: gelpi@corona.it
> Cc: netfilter@lists.samba.org
> Subject: Re: Iptables and isdn connection
>
>
> Mr. Andrea,
>
> IIRC, someone reported problems concerning the use of netfilter with
> ip_dynaddr. He couldn't get it to work right either. Apparently, when it
> is used in conjunction with the MASQUERADE target, something breaks.
> AFAIK, a fix went in sometime around 2.4.4. What's your kernel version?
>
> Brad
>
> Gelpi Andrea wrote:
>
> > I checked ip_dynaddr but I found it already set.
> > There must be something else.
> >
> > Thank You
> >
> > Gelpi ing. Andrea
> > ---------------------------------------------------------------
> > "It took the computing power of three C-64s to fly to the Moon.
> > It takes a 486 to run Windows 95. Something is wrong here."
> > ---------------------------------------------------------------
> >
> >
> >> -----Original Message-----
> >> Mr. Andrea,
> >>
> >> Try this:
> >>
> >> echo 1 > /proc/sys/net/ipv4/ip_dynaddr
> >>
> >> This is a hack which will re-write socket addresses for (I think) TCP
> >> streams which were started before a real address became available.
> >> However, there are a few bugs in either ip_dynaddr or the MASQUERADE
> >> target. AFAIK it should work.
> >>
> >> Brad
> >>
> >> Gelpi Andrea wrote:
> >>
> >>> I have a RH 7.1 on a PC I use as gateway to internet for a small lan.
> >>> So I have:
> >>> kernel 2.4.2-2
> >>> iptables 1.2.1a
> >>>
> >>> My lan uses IP 192.168.0.x
> >>> Linux PC has IP 192.168.0.101
> >>>
> >>> Using isdn-config I set up the isdn card and added a provider. I set up
> >>> autodial also.
> >>> I can connect to my provider and navigate Internet.
> >>>
> >>> Then I added the following rule to netfilter:
> >>>
> >>> iptables -t nat -A POSTROUTING -s 192.168.0/24 -o ippp0 -j MASQUERADE
> >>>
> >>> With this I can navigate Internet from my lan.
> >>>
> >>> My problem is that the first request from my lan.
> >>>
> >>> Using tcpdump and adding some rules with target LOG in netfilter I can
> >>> see the following:
> >>>
> >>> The request transits the nat PREROUTING chain, then the FORWARD chain and
> >>> then the nat POSTROUTING chain. Here the source IP is changed.
> >>>
> >>> Soon after a reboot the POSTROUTING chain assigns IP 192.168.0.101 as
> >>> source IP (ISDN was never connected so there isn't a local IP on
> >>> interface ippp0), but when isdn sets the local and remote IP of interface
> >>> ippp0, retransmitted packets coming from the lan are still masqueraded
> >>> with the old IP.
> >>> So I have a request going to Internet with source IP 192.168.0.101.
> >>>
> >>> How can I solve this?
> >>
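
The symptom described in this thread (packets leaving ippp0 still carrying 192.168.0.101 as source) can be spotted mechanically from a capture on the outside interface. The following is an added example, not part of the original messages: it assumes the text format printed by current `tcpdump -n`, generalizes the check to all RFC 1918 ranges, and uses constructed sample lines with documentation addresses.

```shell
#!/bin/sh
# Added example (not from the thread): flag packets captured on the WAN side
# whose source address is still private, i.e. masqueraded with a stale address
# or not masqueraded at all.

# Constructed sample of `tcpdump -n -i ippp0` output. The first two lines
# model the retransmitted SYN from the thread; the last two model a
# correctly masqueraded connection.
sample_capture() {
cat <<'EOF'
11:40:01.000001 IP 192.168.0.101.1025 > 203.0.113.10.80: Flags [S], seq 1, win 5840, length 0
11:40:04.000002 IP 192.168.0.101.1025 > 203.0.113.10.80: Flags [S], seq 1, win 5840, length 0
11:40:09.000003 IP 198.51.100.7.1026 > 203.0.113.10.80: Flags [S], seq 9, win 5840, length 0
11:40:09.100004 IP 203.0.113.10.80 > 198.51.100.7.1026: Flags [S.], seq 5, ack 10, win 5792, length 0
EOF
}

# Read tcpdump text on stdin; print "time src -> dst" for every IPv4 packet
# whose source address falls in 10/8, 172.16/12 or 192.168/16.
private_sources() {
  awk '
    $2 == "IP" {
      dst = $5
      sub(/:$/, "", dst)              # drop the trailing colon after dst
      n = split($3, a, ".")           # a[1..4] = address, a[5] = port (if any)
      if (n < 4) next
      ip = a[1] "." a[2] "." a[3] "." a[4]
      if (a[1] == 10 ||
          (a[1] == 172 && a[2] >= 16 && a[2] <= 31) ||
          (a[1] == 192 && a[2] == 168))
        print $1, ip, "->", dst
    }'
}

# Number of offending packets on stdin.
count_private_sources() {
  private_sources | wc -l | tr -d ' '
}
```

On a live gateway the same filter can be fed with `tcpdump -n -l -i ippp0 | private_sources`; any output means private-source traffic is reaching the provider link.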