Hi Charles,
Um, my mindset was probably the old "if you have a hammer, every problem looks like a nail" situation. I have always required a proxy-arp situation, so I hadn't considered separate ppp "hosts".

So you can drop the <local ip>:<ppp ip> (lets client specify) and proxyarp, and just get a ppp interface, which could have packets masq'd. I guess I am used to using network.conf to define the masquerading - I suppose you could use ppp0, ppp1, ppp2, etc in network.conf. It sounded like Dave had ~20 ppp connections, which at least in my warped mind would make a dummy interface with a single set of rules make sense. I guess I am also used to specifying the IPMASQing on a per interface basis rather than on the external interface.

As one of my old professors used to say, "There's more than one way to skin a cat."

- Jon

Charles Steinkuehler wrote:
>
> > > > Since you are shy some "real" addresses for the PPP clients, would it be
> > > > ok to put the PPP clients on a masq'd subnet?
> > >
> > > That's what I was hoping for.
> > >
> > > > To do this, you could
> > > > toss a cheap NIC into the box, assign it to a masq'd 192.168.x.x subnet
> > > > (don't attach it to anything), and then use its address as the first
> > > > address in the options.ttySX line.
> > >
> > > Could I use the dummy (network) device for this purpose instead of a
> > > cheap NIC?
> > >
> > > > The additional NIC allows you to establish a fake masq'd net, and gives
> > > > your PPP clients a little more security. You can drop the second
> > > > address if you assign each client a unique 192.168.x.x address, or with
> > > > the options.ttySX, you can assign a unique internal IP address by serial
> > > > connection (or by phone #).
> > >
> > > I was thinking I'd do this:
> > >
> > > NIC: Internet-visible IP addr
> > > PPP(24x): private IP range (10.x.x.x or 192.168.x.x)
> > >
> > > ...with the discussion you've given me, that adds:
> > >
> > > NIC #2: dummy interface
> > >
> > > ...would this work?
>
> Um...just whack me if I'm missing something obvious here, but what's with the
> extra NIC and proxy arp stuff?
>
> As I understand it, David needs to connect some PPP users to the 'net, and
> doesn't have 'real' IPs to assign, so he wants to use masquerading...fine.
>
> Masquerading happens in the forwarding chain of linux 2.2 kernels. The IP
> packets will be forwarded as long as forwarding is enabled, and the system
> has a route to the destination IP...pretty basic. The kernel knows about
> the pppX devices when pppd creates and configures them once a connection
> comes up. As soon as this happens, the kernel will start routing packets
> between the new ppp interface and any other interfaces configured. If there
> are masquerade rules in the forward chain, the packets will be masqueraded.
>
> I'm confused about why you'd need an "internal net" ethernet card with
> proxy-arp enabled, unless you actually wanted to allow folks access to your
> internal net (dialup users for a small business network would be a good
> example...get access to the office net and piggyback off their 'net
> connection with one phone call).
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
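
The setup discussed in this thread, as an added example that is not part of the original messages: one forward-chain rule keyed on the PPP clients' source subnet masquerades every pppX link, so no dummy NIC or per-interface rule is needed. The interface `eth0`, the subnet `192.168.50.0/24` and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: eth0 as the
# Internet-facing interface, 192.168.50.0/24 as the PPP client range.
EXT_IF="${EXT_IF:-eth0}"
PPP_NET="${PPP_NET:-192.168.50.0/24}"

# Emit the commands for a 2.2-kernel (ipchains) router, one per line.
masq_rules() {
    ext_if="$1"; ppp_net="$2"
    # Forwarding must be on, or packets never reach the forward chain.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # Default-deny, so only traffic matched below is forwarded.
    echo "ipchains -P forward DENY"
    # One rule covers ppp0..pppN: match on source subnet. In the forward
    # chain, -i names the interface the packet will leave through.
    echo "ipchains -A forward -s $ppp_net -i $ext_if -j MASQ"
}

# Accept only RFC 1918 prefixes, so a typo cannot masquerade public space.
is_private_net() {
    case "$1" in
        10.*/*|192.168.*/*) return 0 ;;
        172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the commands by default; run them only when APPLY=1.
apply_or_print() {
    is_private_net "$PPP_NET" || {
        echo "refusing: $PPP_NET is not a private range" >&2
        return 1
    }
    if [ "${APPLY:-0}" = 1 ]; then
        masq_rules "$EXT_IF" "$PPP_NET" | sh
    else
        masq_rules "$EXT_IF" "$PPP_NET"
    fi
}

apply_or_print
```

Set `APPLY=1` on the router to run the commands instead of printing them.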