On Mon, Aug 26, 2002 at 11:10:04AM +0200, Karolina Lindqvist wrote: > upp. Jag kan naturligtvis (förhoppningsvis) lägga in kommandona i > /etc/ppp/ip-up, men är det verkligen så man ska göra? Ibland gör jag saker > för att få det att fungera, men så har debian en annan åsikt och något slutar > fungera senare när man som minst anar det. I det här fallet finns ju risken > för säkerhetshål också.
/etc/ppp/ip-up låter som ett bra alternativ. > echo 1 > /proc/sys/net/ipv4/ip_forward > > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE > > Den sista var ju helt logisk. :-) > Jag fattar inte mer av det utom att det faktiskt löser problemet. Read The Fine Manual ? -t, --table table This option specifies the packet matching table which the command should operate on. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there. nat This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out). -o, --out-interface [!] name Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, any interface name will match. -j, --jump target This specifies the target of the rule; i.e., what to do if the packet matches it. The target can be a user-defined chain (other than the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this option is omitted in a rule, then matching the rule will have no effect on the packet's fate, but the counters on the rule will be incremented. MASQUERADE This target is only valid in the nat table, in the POSTROUTING chain. It should only be used with dynamically assigned IP (dialup) connections: if you have a static IP address, you should use the SNAT target. Masquerading is equivalent to specifying a mapping to the IP address of the interface the packet is going out, but also has the effect that connections are forgotten when the interface goes down. This is the correct behavior when the next dialup is unlikely to have the same interface address (and hence any established connections are lost anyway). -- Peter Mathiasson, peter at mathiasson dot nu, http://www.mathiasson.nu GPG Fingerprint: A9A7 F8F6 9821 F415 B066 77F1 7FF5 C2E6 7BF2 F228
pgp4lQ7LGxWr2.pgp
Description: PGP signature
