[slightly OT & long] PPPoE iptables NAT

Cian Duffy myob87 at gmail.com
Fri May 6 07:53:06 MDT 2005


I concur with all of this - although my network topology does include
a computer that's routing packets between my wireless networks and my
older computers - including my 1997 Powermac...

Setting up NAT on a computer is painful. PPPoE NAT is even harder -
which is why the decent ISPs (all bar one) give real routers over
here.

Cian

On 06/05/05, Joseph E. Sacco, Ph.D. <joseph_sacco at comcast.net> wrote:
> Albrecht,
> 
> My experiences with using a computer as a gateway to the Internet for a
> home network have taught me that it can be done, but why would you want
> to. It's not very efficient, and is a waste of a compute resource.
> 
> The simplest solution is use a router that performs NAT as your gateway:
> 
>                                       ISP
>                                     --------
>                                        |
>                                        |
>                                    DSL Modem
>                                    ---------
>                                        |
>                                        |
>                                     Router [with builtin NAT & firewall]
>                                    --------
>                                        |
>                                        |
>                                     Switch [for additional ports]
>                                    --------
>                                      |...|
>                                      |...|
>                                    local machines
> 
> I am using a LinkSys BEFSX41:
> * performs NAT
> * builtin firewall
> * supports 2 VPNs
> * acts as a 4 port switch
> 
> I need more than four switch ports so I have added an additional LinkSys
> 8 port switch [EG0801W].
> 
> The router is "dual-homed", meaning that it has two IP addresses:
> * a DHCP address assigned by the ISP
> * local network IP address, 192.168.0.254 [assigned by me]
> 
> All local machines set 192.168.0.254 as the gateway.
> 
> For example,
> 
>  % netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> 0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 eth0
> 
> The gateway router / NAT solution works well and requires little
> maintenance once configured.
> 
> -Joseph
> 
> ==============================================================================================
> On Fri, 2005-05-06 at 11:47 +0000, Albrecht Dreß wrote:
> > Hi,
> >
> > sorry for a slightly off-topic question regarding NAT with a PPPoE network.
> >
> > I have a home network looking as follows:
> >
> >          192.168.42.3
> >          -----------     -------
> >         | G4 Silver |   |       |---DSL Modem (ppp0)
> > ISDN---|ippp0  eth0|---|Switch |---more Macs (192.168.42.x)
> >          -----------     -------
> >
> > The G4 is running Yellowdog 4.01 with a self-compiled 2.6.11.4 kernel.
> >
> > The "old" setup was an ISDN connection (no DSL present), and the G4 worked
> > as router. Everything was perfect for the "local" net, except that the
> > hardware (AVM Fritz) was not supported by MacOS, so I had no internet on
> > the G4 (and connected clients) when running OS X.
> >
> > Therefore, I removed the ISDN card, got DSL, plugged the modem into the
> > switch, and now everything works fine with OS X. After a little fiddling
> > around with ipfw and natd, I have routing support with OS X client.
> >
> > Now I tried Linux, and I have internet on the G4 itself, but packets from
> > the local net are apparently not routed/forwarded correctly. I did not
> > change the NAT rules in iptables (except replacing ippp0 by ppp0, of
> > course):
> >
> > <snip>
> > [root at antares root]# iptables -t nat -L -n
> > Chain PREROUTING (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > MASQUERADE  all  --  192.168.42.0/24      0.0.0.0/0
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> > </snip>
> >
> > Running tcpdump on both eth0 and ppp0, I can see that e.g. a http (tcp/80)
> > request from the local net is going through eth0, and the same packet is
> > then passed via ppp0. The response, though, is *not* returned to the
> > requesting client.
> >
> > I am using the kernel-based pppoe modules (pppoe, pppox), not the roaring
> > penguin package coming with YDL. Does anyone have an idea why forwarding
> > doesn't work with this setup? Any hints how I should configure my box? Or
> > is it impossible to use the dsl modem and the local net at the same
> > Ethernet interface (but why does it work with OS X, then)? Any pointers?
> >
> > HELP! I'm really lost here...
> >
> > Thanks in advance for any help,
> >
> > Cheers, Albrecht.
> >
> > _______________________________________________
> > yellowdog-general mailing list
> > yellowdog-general at lists.terrasoftsolutions.com
> > http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> > HINT: to Google archives, try  '<keywords> site:terrasoftsolutions.com'
> --
> joseph_sacco [at] comcast [dot] net
> 


-- 
-------------------------
"We're busy running out of time"
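
Added example, not part of the original thread: a shell function that checks the usual prerequisites of a Linux NAT gateway behind PPPoE (IP forwarding, a MASQUERADE rule, FORWARD rules for both directions, MSS clamping) against saved state. The `has` and `audit_nat` names and both rule sets are constructed for illustration; only the 192.168.42.0/24, eth0 and ppp0 values follow the thread, and nothing here is output from the poster's machine.

```shell
# Added example: static checks for a Linux PPPoE NAT gateway.
# Both rule sets below are constructed samples in iptables-save format.
has() { printf '%s\n' "$1" | grep -Eq -- "$2"; }   # has RULES REGEX
# audit_nat IP_FORWARD WAN_IFACE RULES
#   IP_FORWARD is the content of /proc/sys/net/ipv4/ip_forward.
# Prints one finding per line; no output means every check passed.
# Simplification: chains are matched by name without tracking the table.
audit_nat() {
    fwd=$1; wan=$2; rules=$3
    # The kernel routes between interfaces only when ip_forward is 1.
    [ "$fwd" = 1 ] || echo "ip_forward is $fwd, forwarding disabled"
    # LAN clients need source NAT, ideally only on the WAN interface.
    if ! has "$rules" '^-A POSTROUTING .*-j MASQUERADE'; then
        echo "no MASQUERADE rule in POSTROUTING"
    elif ! has "$rules" "^-A POSTROUTING .*-o $wan .*-j MASQUERADE"; then
        echo "MASQUERADE not limited to -o $wan"
    fi
    # With a DROP policy, both directions need explicit FORWARD rules.
    if has "$rules" '^:FORWARD DROP'; then
        has "$rules" "^-A FORWARD .*-o $wan .*-j ACCEPT" ||
            echo "FORWARD drops traffic going out $wan"
        has "$rules" "^-A FORWARD .*-i $wan .*ESTABLISHED.*-j ACCEPT" ||
            echo "FORWARD drops replies arriving on $wan"
    fi
    # PPPoE lowers the MTU to 1492; clamp MSS so large TCP segments fit.
    has "$rules" '^-A FORWARD .*-j TCPMSS --clamp-mss-to-pmtu' ||
        echo "no TCPMSS clamp for the PPPoE MTU"
    return 0
}

GOOD='*mangle
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
-A POSTROUTING -s 192.168.42.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'
BAD='*nat
-A POSTROUTING -s 192.168.42.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'
audit_nat 0 ppp0 "$BAD"
```

On a live gateway the inputs would come from `cat /proc/sys/net/ipv4/ip_forward` and `iptables-save`, both run as root.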

