Re: MOL networking broken on recent kernels?


dpates@dsdk12.net
Date: Tue Jan 16 2001 - 14:13:13 MST


Ok, normally I wouldn't reply to my own mail, but in this case, I think it's
necessary:

> ifconfig tun0 172.16.0.1 netmask 255.255.255.0
> iptables -t nat -A PREROUTING -j MASQUERADE -d ! 172.16.0.0/24
> iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -t filter -A FORWARD -s 172.16.0.0/24 -d ! 172.16.0.0/24 -j ACCEPT
> iptables -t filter -P FORWARD DROP
> echo "1" > /proc/sys/net/ipv4/ip_forward

First, don't bother with the tunnel driver. Use the 'dummy' net driver, and use
'ifconfig dummy0 172.16.0.1 netmask 255.255.255.0 broadcast 172.16.0.255' as the
command line to configure the virtual device. Also, apparently the 'MASQUERADE'
target is brain-damaged at present - I discovered the packets were being sent
out with the private-net address as the source, instead of the external IP. So,
use the 'SNAT' target, and specify '--to <ext-ip-addr>' on that same command
line. It should finally read like:

iptables -t nat -A PREROUTING -j SNAT -s 172.16.0.0/24 -d ! 172.16.0.0/24 --to <ext-ip>

> 2) Set the 'netdev:' line in /etc/molrc to something resembling the
> following:
>
> netdev: tun0 -sheep

Make this:

netdev: dummy0 -sheep

> atalkd.conf
> should look something like this:
>
> # Set the ethertalk net number range to something high, that probably
> # won't be used already, and make sure the zone name is something unique
> tun0 -seed -phase 2 -net 9000-9010 -zone "MOLZONE"
> eth0
>
> Make sure tun0 is already configured when atalkd starts.

Replace tun0 with dummy0, as before.

I did this, and finally got a working setup. If anyone can figure out why the
'MASQUERADE' target is not working, drop me a line.

Derrik Pates
dpates@dsdk12.net
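
Added example, not part of the original message: the dummy0 and SNAT setup above as a POSIX shell script written for current iptables, where SNAT goes in the nat table's POSTROUTING chain and negation is written `! -d`. The `EXT_IP` and `DRY_RUN` variables and the function names are assumptions of this example; with `DRY_RUN=1` (the default) it only prints the commands.

```shell
#!/bin/sh
# Added example (not from the original message). Addresses come from the
# message; EXT_IP, DRY_RUN and the function names are assumptions.
MOL_NET=172.16.0.0/24
MOL_IF=dummy0

# Accept only a dotted-quad IPv4 address, so a typo or stray shell
# metacharacter never reaches the iptables command line.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Run a command, or only print it when DRY_RUN=1 (the default here).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

mol_nat() {
    ext_ip=$1
    valid_ipv4 "$ext_ip" || { echo "bad external IP: $ext_ip" >&2; return 2; }
    run ifconfig "$MOL_IF" 172.16.0.1 netmask 255.255.255.0 broadcast 172.16.0.255
    # Rewrite the source address only for traffic leaving the private net.
    run iptables -t nat -A POSTROUTING -s "$MOL_NET" ! -d "$MOL_NET" \
        -j SNAT --to-source "$ext_ip"
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -s "$MOL_NET" ! -d "$MOL_NET" -j ACCEPT
    # Default-deny forwarding: only the two rules above let traffic through.
    run iptables -P FORWARD DROP
    # Enable forwarding last, once the filter policy is in place.
    run sysctl -w net.ipv4.ip_forward=1
}

# Usage: EXT_IP=<ext-ip> sh mol-nat.sh   (add DRY_RUN=0, as root, to apply)
if [ -n "${EXT_IP:-}" ]; then mol_nat "$EXT_IP"; fi
```

Review the dry-run output before setting `DRY_RUN=0`; the FORWARD policy change affects all forwarded traffic on the host, not only the MOL network.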


