Subject: ethernet-LAN and ethertap (a little long)
From: Arthur Sedlacek (sedlacek@bnl.gov)
Date: Tue Jul 11 2000 - 07:24:17 MDT
I have successfully established communication between my MacOS (8.6) and
Linux (2.2.17pre7) via IP masquerading (using the TAP0 approach well
documented in this list) such that I can connect to the outside world via
PPP (Linux side) and be able to communicate from the Mac side via the
IPMASQ. Okay then, so what's my problem.....

I have a Lombard, and when I work at home I access my company's network
via PPP. However, when I'm at work I connect directly to the LAN via the
ethernet port. Unfortunately, although I still have communication between
the Linux and the Mac (i.e., I can telnet) the Mac cannot see the outside
world. Normally this would not be a problem, but upper management
here *loves* micro$oft office....so I need for my Mac side to be able to
email the Word documents via Outlook. :-(

Going to the AppleTalk control panel I've noticed that under the "info"
button, AppleTalk (configured for ethernet) does not recognise the router
(192.168.0.1), yet TCP/IP can see it. Also, since I use Location Manager
to switch from the actual Mac-only configuration to the IP-MASQ-based
configuration I've noticed that I get the following message:

'Previous selected slot not available. The connection has been changed
to "Ethernet" '

Below I have attached a script I use...

relevant stats:
Mac-side: Open Transport 2.0.3
TCP/IP: 2.0.3
IP: 192.168.0.2

Thanks in advance....
A-
**************************
#!/bin/sh
# Begin /etc/init.d/firewall
# (/etc/rc.d/init.d/firewall on some systems)
#
# To save this file to disk under Linux Netscape, use your
# browser back button and right click on the link to this
# file.
#
# This script will set up Linux for IP Masquerading with the
# virtual device Ethertap. To use it with IP Masquerading in
# the more traditional physical LAN, you will need to edit this
# file.
#
# This file works as is for giving internet service to Mac OS
# under MOL assuming that the network address you will give
# your Mac OS under MOL is 192.168.0.2
#
# You will need to modify this script for use of a different address

# Print OK or FAILED from the exit status of the command run just before it
check_status()
{
    if [ $? = 0 ]
    then
        echo "OK"
    else
        echo "FAILED"
    fi
}

case "$1" in
    start)
        echo -n "Starting IP Masquerading Firewall..."
        /sbin/depmod -a
        /sbin/modprobe ip_masq_ftp

        # Needed Section Below Only If Using Ethertap
        /sbin/modprobe ethertap
        /sbin/ifconfig tap0 192.168.0.1 netmask 255.255.255.0 up arp
        /sbin/route add -host 192.168.0.1 tap0
        echo "1" > /proc/sys/net/ipv4/conf/tap0/proxy_arp
        /sbin/arp -s 192.168.0.2 FE:FD:00:00:00:00 pub

        # Enable IP Masquerading
        echo "1" > /proc/sys/net/ipv4/ip_forward

        # Dynamic IP users (SLIP, PPP, DHCP) uncomment below line
        echo "1" > /proc/sys/net/ipv4/ip_dynaddr

        # MASQ timeouts
        #
        # 2 hrs timeout for TCP session timeouts
        # 10 sec timeouts for traffic after the TCP/IP "FIN" packet received
        # 160 sec timeout for UDP traffic
        #
        /sbin/ipchains -M -S 7200 10 160

        # DHCP: If you get your external IP from DHCP or BOOTP uncomment below
        #/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 -p udp

        # Enable simple IP forwarding and Masquerading
        #
        # The network number and subnet needs to match your own internal LAN setup
        #
        /sbin/ipchains -P forward DENY
        /sbin/ipchains -A forward -s 192.168.0.2/24 -j MASQ
        check_status
        ;;
    stop)
        echo -n "Stopping Firewall/IPMASQ..."
        echo "0" > /proc/sys/net/ipv4/conf/tap0/proxy_arp
        echo "0" > /proc/sys/net/ipv4/ip_forward
        /sbin/ifconfig tap0 down
        check_status
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        ;;
esac
# End /etc/init.d/firewall
*******************************************************************
Arthur J. Sedlacek, III, Ph.D.
Optical Remote Sensing & Spectroscopy Group Leader
email: sedlacek@bnl.gov
This archive was generated by hypermail 2a24 : Tue Jul 11 2000 - 07:27:32 MDT
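
The check_status helper in the posted script reports only the exit status of the last command run before it, so an earlier failed write to /proc in the start branch still prints OK. As an added example (not part of the original post), the following reads back the three /proc switches the script sets; the ROOT argument and the build_sample_tree helper are assumptions of this example so it can run against constructed data.

```shell
#!/bin/sh
# Added example: read back the kernel switches written by the "start" branch.
# The ROOT argument is an assumption of this example so the check can run
# against a constructed directory; on a live host it is /proc/sys/net/ipv4.

# read_flag FILE: print the file's value, or "missing" if it cannot be read.
read_flag() {
    if [ -r "$1" ]; then
        tr -d ' \n' < "$1"
    else
        printf 'missing'
    fi
}

# verify_masq_state ROOT IFACE: print one line per switch; the return status
# is the number of switches that are not set to 1 (0 means all are set).
verify_masq_state() {
    root=${1:-/proc/sys/net/ipv4}
    iface=${2:-tap0}
    bad=0
    for rel in ip_forward ip_dynaddr "conf/$iface/proxy_arp"; do
        val=$(read_flag "$root/$rel")
        if [ "$val" = "1" ]; then
            echo "OK      $rel = 1"
        else
            echo "FAILED  $rel = $val"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# build_sample_tree DIR FORWARD DYNADDR PROXY_ARP: constructed stand-in for /proc.
build_sample_tree() {
    mkdir -p "$1/conf/tap0"
    echo "$2" > "$1/ip_forward"
    echo "$3" > "$1/ip_dynaddr"
    echo "$4" > "$1/conf/tap0/proxy_arp"
}

# Demo on constructed data: the proxy_arp write did not take effect.
demo=$(mktemp -d)
build_sample_tree "$demo" 1 1 0
verify_masq_state "$demo" tap0 || echo "$? switch(es) not set"
rm -rf "$demo"
```

Run after "stop", the same function shows which switches are still set to 1: the posted stop branch resets proxy_arp and ip_forward but not ip_dynaddr.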