[slightly OT & long] PPPoE iptables NAT

Norberto Quintanar nquintanar at yahoo.com
Fri May 6 08:17:29 MDT 2005 

Joseph, 

I couldn't agree with you more.  I used to believe that I had to save
all old hardware from landfills.  I set up an old PC250Mhz with
smoothwall - http://www.smoothwall.org/ - as a gateway firewall.  It
worked great.  Then winter came and my electricity bill was getting
out of hand.  Without going into extreme detail, computers use a lot
of electricity compared to a DSL modem and a router/ firewall with
NAT.

Just my $0.02

> Albrecht,
> 
> My experiences with using a computer as a gateway to the Internet
> for a
> home network have taught me that it can be done, but why would you
> want
> to. It's not very efficient, and is a waste of a compute resource.
> 
> The simplest solution is use a router that performs NAT as your
> gateway:
> 
>                                       ISP
>                                     --------
>                                        |
>                                        |
>                                    DSL Modem
>                                    ---------
>                                        |
>                                        |
>                                     Router [with builtin NAT &
> firewall]
>                                    --------
>                                        |
>                                        |
>                                     Switch [for additional ports]
>                                    --------
>                                      |...|
>                                      |...|
>                                    local machines
> 
> 
> I am using a LinkSys BEFSX41:
> * performs NAT
> * builtin firewall
> * supports 2 VPN's
> * acts as a 4 port switch
> 
> I need more than four switch ports so I have added an additional
> LinkSys
> 8 port switch [EG0801W].
> 
> The router is "dual-homed", meaning that it has two IP addresses:
> * a DHCP address assigned by the ISP
> * local network IP address, 192.168.0.254 [assigned by me]
> 
> All local machines set 192.168.0.254 as the gateway.
> 
> For example,
> 
>  % netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window 
> irtt Iface
> 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0      
>    0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0      
>    0 lo
> 0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0      
>    0 eth0
> 
> The gateway router / NAT solution works well and requires little
> maintenance once configured. 
> 
> -Joseph
> 
>
==============================================================================================
> On Fri, 2005-05-06 at 11:47 +0000, Albrecht Dreß wrote:
> > Hi,
> > 
> > sorry for a slightly off-topic question regarding NAT with a
> PPPoE network.
> > 
> > I have a home network looking as follows:
> > 
> >          192.168.42.3
> >          -----------     -------
> >         | G4 Silver |   |       |---DSL Modem (ppp0)
> > ISDN---|ippp0  eth0|---|Switch |---more Macs (192.168.42.x)
> >          -----------     -------
> > 
> > The G4 is running Yellowdog 4.01 with a self-compiled 2.6.11.4
> kernel.
> > 
> > The "old" setup was an ISDN connection (no DSL present), and the
> G4 worked  
> > as router. Everything was perfect for the "local" net, except
> that the  
> > hardware (AVM Fritz) was not supported by MacOS, so I had no
> internet on  
> > the G4 (and connected clients) when running OS X.
> > 
> > Therefore, I removed the ISDN card, got DSL, plugged the modem
> into the  
> > switch, and now everything works fine with OS X. After a little
> fiddling  
> > around with ipfw and natd, I have routing support with OS X
> client.
> > 
> > Now I tried Linux, and I have internet on the G4 itself, but
> packets from  
> > the local net are apparently not routed/forwarded correctly. I
> did not  
> > change the NAT rules in iptables (except replacing ippp0 by ppp0,
> of  
> > course):
> > 
> > <snip>
> > [root at antares root]# iptables -t nat -L -n
> > Chain PREROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > 
> > Chain POSTROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > MASQUERADE  all  --  192.168.42.0/24      0.0.0.0/0
> > 
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> > </snip>
> > 
> > Running tcpdump on both eth0 and ppp0, I can see that e.g. a http
> (tcp/80)  
> > request from the local net is going through eth0, and the same
> packet is  
> > then passed via ppp0. The response, though, is *not* returned to
> the  
> > requesting client.
> > 
> > I am using the kernel-based pppoe modules (pppoe, pppox), not the
> roaring  
> > penguin package coming with YDL. Does anyone have an idea why
> forwarding  
> > doesn't work with this setup? Any hints how I should configure my
> box? Or  
> > is it impossible to use the dsl modem and the local net at the
> same  
> > Ethernet interface (but why does it work with OS X, then)? Any
> pointers?
> > 
> > HELP! I'm really lost here...
> > 
> > Thanks in advance for any help,
> > 
> > Cheers, Albrecht.
> > 
> > _______________________________________________
> > yellowdog-general mailing list
> > yellowdog-general at lists.terrasoftsolutions.com
> >
>
http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> > HINT: to Google archives, try  '<keywords>
> site:terrasoftsolutions.com'
> -- 
> joseph_sacco [at] comcast [dot] net
> 
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general at lists.terrasoftsolutions.com
>
http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> HINT: to Google archives, try  '<keywords>
> site:terrasoftsolutions.com'
> 



		
__________________________________ 
Yahoo! Mail Mobile 
Take Yahoo! Mail with you! Check email on your mobile phone. 
http://mobile.yahoo.com/learn/mail

More information about the yellowdog-general mailing list