Re: MOL and YDL 1.2.1 / networking


Subject: Re: MOL and YDL 1.2.1 / networking
From: R Shapiro (reshapiro@mediaone.net)
Date: Sat Nov 11 2000 - 17:26:26 MST


Ewen Bell writes:
> echo "1" > /proc/sys/net/ipv4/conf/tap0/proxy_arp
> /sbin/arp -s 192.168.5.2 FE:FD:00:00:00:00 pub

Don't do this with the current release of mol.

> echo "1" >/proc/sys/net/ipv4/ip_forward
> echo "1" >/proc/sys/net/ipv4/ip_dynaddr

If you're running the new initscripts you should configure this in
/etc/sysctl.conf instead of using the echo:

net.ipv4.ip_forward = 1
net.ipv4.ip_dynaddr = 1

> /sbin/ipchains -M -S 7200 10 160
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.5.0/24 -j MASQ

Needless to say, if you have other firewall rules, and in particular
if your input and output policy are DENY (which they probably should
be), you'll also need to add rules to ALLOW traffic from the tap0
device on your local net, in this case 192.168.5.0/24. For example:

 ipchains -A output -i tap0 -s any/0 -d 192.168.5.0/24 -j ACCEPT
 ipchains -A input -i tap0 -s 192.168.5.0/24 -d any/0 -j ACCEPT

Otherwise the firewall will block the tap0 traffic.

Of course you also need to be running a kernel which includes ethertap
support.

-- 
reshapiro@mediaone.net
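
The check below is an added example, not part of the original message: it reads a list of ipchains commands and reports which of the input/output chains have a DENY policy but no ACCEPT rule for the tap0 network, the situation the message warns about. The function name check_tap_rules and the sample rule set are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample rule set: default-deny policies plus the MASQ rule
# from the thread, with the tap0 input rule present and the output rule
# missing.
SAMPLE_RULES='ipchains -P input DENY
ipchains -P output DENY
ipchains -P forward DENY
ipchains -A forward -s 192.168.5.0/24 -j MASQ
ipchains -A input -i tap0 -s 192.168.5.0/24 -d any/0 -j ACCEPT'

# check_tap_rules RULES IFACE NET   (hypothetical helper)
# Prints the chains (input/output) whose policy is DENY or REJECT but that
# have no ACCEPT rule for IFACE and NET. Returns 0 when nothing is missing.
check_tap_rules() {
    rules=$1
    iface=$2
    net=$3
    missing=""
    for chain in input output; do
        # A chain only needs an explicit ACCEPT when its policy blocks traffic.
        printf '%s\n' "$rules" |
            grep -Eq -- "-P[[:space:]]+${chain}[[:space:]]+(DENY|REJECT)" || continue
        # input rules match the local net as source, output rules as destination.
        case $chain in
            input)  opt="-s" ;;
            output) opt="-d" ;;
        esac
        if ! printf '%s\n' "$rules" |
            grep -E -- "-A[[:space:]]+${chain}[[:space:]]" |
            grep -F -- "-i $iface" |
            grep -F -- "$opt $net" |
            grep -Fq -- "-j ACCEPT"; then
            missing="${missing:+$missing }$chain"
        fi
    done
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Demonstration on the constructed sample.
check_tap_rules "$SAMPLE_RULES" tap0 192.168.5.0/24 ||
    echo "chains above would block tap0 traffic"
```
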


