Re: Re[2]: problem

Thu, 16 Sep 2004 17:48:19 -0500 

--- Корнеев Александр <[EMAIL PROTECTED]> wrote:

> 1. Add this line into /etc/sysctl.conf
> 
>    net.ipv4.ip_forward = 1
> 
>   this is the same as  ">>  echo "1"  > /proc/sys/net/ipv4/ip_forward"
> but you woudn't lose
>   settings on reboot.
This can be done in /etc/network/options with less typing.
-ip_forward=no
+ip_forward=yes

> 
> 2. Add this strings into your ipchains script or into ipchains rules
> 
>    EXTERNAL_INTERFACE="eth0"               # Internet connected
> interface
>    LOCAL_INTERFACE="eth1"                # Internal LAN interface 1
>    LOCALNET="192.168.2.0/24"             # Whatever private range you
> use 1
> 
>    # set masquerade timeout to 10 hours for tcp connections
>    ipchains -M -S 36000 0 0
>    # Don't forward fragments. Assemble before forwarding.
>    ipchains -A output -f -i $LOCAL_INTERFACE_1 -j DENY
>    # Masquerade internal traffic.
>    # All internal traffic is masqueraded externally.
>    ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET -j MASQ
> 
> But if you don't want to masqarade all you internal traffic, but need to
> replicate
> only few ports you may use xinet.d daemon.
> 
> -----------------------
> 
> Best regards,
> Alexander.
> 
> > On Wed, Sep 15, 2004 at 02:55:58PM +0200, Crc32 wrote:
> >> Alle 00:44, giovedм 16 settembre 2004, office ha scritto:
> >> > I am trying to configure a Debian mashine to route packets from the
> network
> >> > 192.168.2.0 to/from Internet through interface 193.68.28.142(eth1)
> eth0 has
> >> > an address from192.168.2.0 - 192.168.2.1
> >> > I use "ipchains". Could you help me?
> >> > Maybe I should configure anything else?
> >> > I don't have "iptables" installed
> >> >
> >> > Stoyan
> >> Try enabling ip_forward with this:
> >> 
> >>  echo "1"  > /proc/sys/net/ipv4/ip_forward
> >> 
> >> ps.
> >> Excuse me for my english but i'm an italian guy.
> 
> > Your english is perfect. But I have doubts that just enabling routing
> > will help. ;) He's having private IP addresses on his local network
> > (192.168.2.0/24). Routing may help getting the packets out but they
> > won't find their way back in.
> 
> >  Christoph
> 
> > P.S.: Are we all using pseudonyms here now?
> 
> > -- 
> > ~
> > ~
> > ".signature" [Modified] 3 lines --100%--                3,41        
> All
> 
> 
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> 
> 



        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail

Reply via email to