[slightly OT & long] PPPoE iptables NAT
Joseph E. Sacco, Ph.D.
joseph_sacco at comcast.net
Fri May 6 07:45:11 MDT 2005
Albrecht,
My experiences with using a computer as a gateway to the Internet for a
home network have taught me that it can be done, but why would you want
to? It's not very efficient, and is a waste of a compute resource.
The simplest solution is to use a router that performs NAT as your gateway:
ISP
--------
|
|
DSL Modem
---------
|
|
Router [with builtin NAT & firewall]
--------
|
|
Switch [for additional ports]
--------
|...|
|...|
local machines
I am using a LinkSys BEFSX41:
* performs NAT
* builtin firewall
* supports 2 VPNs
* acts as a 4 port switch
I need more than four switch ports so I have added an additional LinkSys
8 port switch [EG0801W].
The router is "dual-homed", meaning that it has two IP addresses:
* a DHCP address assigned by the ISP
* local network IP address, 192.168.0.254 [assigned by me]
All local machines set 192.168.0.254 as the gateway.
For example,
% netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 eth0
The gateway router / NAT solution works well and requires little
maintenance once configured.
-Joseph
==============================================================================================
On Fri, 2005-05-06 at 11:47 +0000, Albrecht Dreß wrote:
> Hi,
>
> sorry for a slightly off-topic question regarding NAT with a PPPoE network.
>
> I have a home network looking as follows:
>
>              192.168.42.3
>           -----------      -------
>           | G4 Silver |    |       |---DSL Modem (ppp0)
>   ISDN---|ippp0   eth0|---| Switch |---more Macs (192.168.42.x)
>           -----------      -------
>
> The G4 is running Yellowdog 4.01 with a self-compiled 2.6.11.4 kernel.
>
> The "old" setup was an ISDN connection (no DSL present), and the G4 worked
> as router. Everything was perfect for the "local" net, except that the
> hardware (AVM Fritz) was not supported by MacOS, so I had no internet on
> the G4 (and connected clients) when running OS X.
>
> Therefore, I removed the ISDN card, got DSL, plugged the modem into the
> switch, and now everything works fine with OS X. After a little fiddling
> around with ipfw and natd, I have routing support with OS X client.
>
> Now I tried Linux, and I have internet on the G4 itself, but packets from
> the local net are apparently not routed/forwarded correctly. I did not
> change the NAT rules in iptables (except replacing ippp0 by ppp0, of
> course):
>
> <snip>
> [root at antares root]# iptables -t nat -L -n
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> MASQUERADE all  --  192.168.42.0/24      0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> </snip>
>
> Running tcpdump on both eth0 and ppp0, I can see that e.g. a http (tcp/80)
> request from the local net is going through eth0, and the same packet is
> then passed via ppp0. The response, though, is *not* returned to the
> requesting client.
>
> I am using the kernel-based pppoe modules (pppoe, pppox), not the roaring
> penguin package coming with YDL. Does anyone have an idea why forwarding
> doesn't work with this setup? Any hints how I should configure my box? Or
> is it impossible to use the dsl modem and the local net at the same
> Ethernet interface (but why does it work with OS X, then)? Any pointers?
>
> HELP! I'm really lost here...
>
> Thanks in advance for any help,
>
> Cheers, Albrecht.
>
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general at lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> HINT: to Google archives, try '<keywords> site:terrasoftsolutions.com'
--
joseph_sacco [at] comcast [dot] net
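The quoted question shows only the MASQUERADE rule in the nat table. For reference, here is the rest of what a Linux box needs to relay LAN traffic over a PPPoE link, as an added example that is not code from either poster: packet forwarding switched on in the kernel, the masquerade rule restricted to the LAN prefix leaving via ppp0, a default-deny FORWARD chain that admits LAN-to-WAN traffic and the replies to it, and MSS clamping for the 1492-byte PPPoE MTU. The interface names ppp0/eth0 and the 192.168.42.0/24 prefix come from the question; the script layout, the function names and the check routine are assumptions. The rules are emitted as text by default so they can be reviewed before `apply` hands them to the shell.

```shell
#!/bin/sh
# Added example (not from the original thread): generate, and optionally
# apply, a minimal iptables NAT ruleset for a Linux box carrying a PPPoE
# link on ppp0 and a LAN on eth0. Interface names and the LAN prefix are
# taken from the quoted question; everything else here is an assumption.
WAN_IF="${WAN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.42.0/24}"

# Emit the rules as text so they can be reviewed (or tested) before
# anything touches the live firewall.
nat_rules() {
    cat <<EOF
# Forwarding is off by default; without it no LAN packet is relayed to
# $WAN_IF, whatever the nat table says.
sysctl -w net.ipv4.ip_forward=1
# Masquerade only traffic that leaves via the PPPoE link and only for the
# LAN prefix, so nothing else on the wire gets rewritten.
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
# Default-deny forwarding, then allow LAN -> WAN and the replies back.
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# PPPoE leaves an MTU of 1492; clamp TCP MSS so large replies are not
# silently dropped on the path.
iptables -t mangle -A FORWARD -o $WAN_IF -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
EOF
}

# The two things to verify first when LAN clients send requests but never
# see replies: is forwarding enabled, and does a MASQUERADE rule exist for
# the WAN interface? Returns 0 when both hold.
check_forwarding() {
    fwd=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)
    [ "$fwd" = "1" ] || { echo "ip_forward is off"; return 1; }
    iptables -t nat -S POSTROUTING 2>/dev/null \
        | grep -q -- "-o $WAN_IF .*-j MASQUERADE" \
        || { echo "no MASQUERADE rule for $WAN_IF"; return 1; }
    echo "forwarding and NAT look configured"
}

case "${1:-}" in
    apply) nat_rules | sh -e ;;   # run as root on the gateway
    check) check_forwarding ;;
    *)     nat_rules ;;           # default: just print the ruleset
esac
```

Run it with no argument to review the generated commands, `check` on the gateway to confirm forwarding and NAT are in place, and `apply` (as root) to install the rules; override `WAN_IF`, `LAN_IF` or `LAN_NET` in the environment for a different layout.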