Oh, and Dave was using a 2.0.x box, so I would guess ipchains would not
be an option - I don't know if this matters or not in terms of the
forwarding rules.
        - Jon

Jonathan French wrote:
> 
> Hi Charles,
> 
> Um, my mindset was probably the old "if you have a hammer, every problem
> looks like a nail" situation.  I have always required a proxy-arp
> situation, so I hadn't considered separate ppp "hosts".  So you can drop
> the <local ip>:<ppp ip> (lets the client specify) and proxyarp, and just get
> a ppp interface, which could have packets masq'd.  I guess I am used to
> using network.conf to define the masquerading - I suppose you could use
> ppp0, ppp1, ppp2, etc in network.conf.  It sounded like Dave had ~20 ppp
> connections, which at least in my warped mind would make a dummy
> interface with a single set of rules make sense.  I guess I am also used
> to specifying the IPMASQing on a per interface basis rather than on the
> external interface.
> 
> As one of my old professors used to say, "There's more than one way to
> skin a cat."
> 
>         - Jon
> 
> Charles Steinkuehler wrote:
> >
> > > > > Since you are shy some "real" addresses for the PPP clients, would it be
> > > > > ok to put the PPP clients on a masq'd subnet?
> > > >
> > > > That's what I was hoping for.
> > > >
> > > > > To do this, you could
> > > > > toss a cheap NIC into the box, assign it to a masq'd 192.168.x.x subnet
> > > > > (don't attach it to anything), and then use its address as the first
> > > > > address in the options.ttySX line.
> > > >
> > > > Could I use the dummy (network) device for this purpose instead of a
> > > > cheap NIC?
> > > >
> > > > > The additional NIC allows you to establish a fake masq'd net, and gives
> > > > > your PPP clients a little more security.  You can drop the second
> > > > > address if you assign each client a unique 192.168.x.x address, or with
> > > > > the options.ttySX, you can assign a unique internal IP address by serial
> > > > > connection (or by phone #).
> > > >
> > > > I was thinking I'd do this:
> > > >
> > > > NIC: Internet-visible IP addr
> > > > PPP(24x): private IP range (10.x.x.x or 192.168.x.x)
> > > >
> > > > ...with the discussion you've given me, that adds:
> > > >
> > > > NIC #2: dummy interface
> > > >
> > > > ...would this work?
> >
> > Um...just whack me if I'm missing something obvious here, but what's with the
> > extra NIC and proxy arp stuff?
> >
> > As I understand it, David needs to connect some PPP users to the 'net, and
> > doesn't have 'real' IPs to assign, so he wants to use masquerading...fine.
> >
> > Masquerading happens in the forwarding chain of linux 2.2 kernels.  The IP
> > packets will be forwarded as long as forwarding is enabled, and the system
> > has a route to the destination IP...pretty basic.  The kernel knows about
> > the pppX devices when pppd creates and configures them once a connection
> > comes up.  As soon as this happens, the kernel will start routing packets
> > between the new ppp interface and any other interfaces configured.  If there
> > are masquerade rules in the forward chain, the packets will be masqueraded.
> >
> > I'm confused about why you'd need an "internal net" ethernet card with
> > proxy-arp enabled, unless you actually wanted to allow folks access to your
> > internal net (dialup users for a small business network would be a good
> > example...get access to the office net and piggyback off their 'net
> > connection with one phone call).
> >
> > Charles Steinkuehler
> > http://lrp.steinkuehler.net
> > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> 

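As an added example (not code from anyone in the thread), here is the rule set Charles's explanation implies for a 2.2 kernel: masquerading lives in the forward chain, so one rule keyed on the outgoing public interface covers every pppX that pppd brings up, with no dummy NIC and no proxy-arp. The interface name (eth0), the public address and the dial-in range (192.168.20.0/24) are assumptions for illustration. Two things the thread does not spell out but a practitioner would want: once ip_forward is on, the kernel forwards between *all* interfaces, so the forward chain's default policy must be DENY or the dial-in clients can reach anything the box can route to (including each other); and the public NIC should refuse packets claiming a private source, or an outside host can impersonate a dial-in client. Per Jon's note that a 2.0.x box has no ipchains, an ipfwadm equivalent is included; its flags are as I recall them from ipfwadm(8), so check them on the target box. DRY_RUN=1 (the default) prints the commands instead of loading them.

```shell
#!/bin/sh
# Added example, not from the original LEAF thread. Names and addresses are
# assumptions:
#   eth0          public NIC with the one "real" address
#   ppp0..pppN    dial-in clients, given 192.168.20.x addresses via options.ttySX
# DRY_RUN=1 prints the commands; DRY_RUN=0 (as root, on the firewall) loads them.

PUB_IF=${PUB_IF:-eth0}
PPP_NET=${PPP_NET:-192.168.20.0/24}
DRY_RUN=${DRY_RUN:-1}

# Run a command, or just print it when dry-running.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Forwarding must be on or nothing is routed between pppX and eth0 at all.
enable_forwarding() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# 2.2 kernel / ipchains rule set.
# In the forward chain "-i" is the *outgoing* interface, so the MASQ rule
# only fires for dial-in traffic leaving via the public NIC. Anything else
# the kernel would forward (pppX -> pppY, or to a future internal NIC) hits
# the DENY policy unless a rule is added for it.
masq_rules() {
    run ipchains -P forward DENY
    run ipchains -F forward
    # Anti-spoofing: packets arriving on the public NIC must not carry a
    # dial-in (private) source address. "-l" logs the attempt.
    run ipchains -A input -i "$PUB_IF" -s "$PPP_NET" -j DENY -l
    # Masquerade dial-in clients behind eth0's address.
    run ipchains -A forward -i "$PUB_IF" -s "$PPP_NET" -j MASQ
}

# 2.0.x kernel / ipfwadm equivalent (no ipchains there, as Jon notes).
# -F: forwarding rules, -p: default policy, -f: flush, -a m: append a
# masquerade rule, -W: outgoing interface. Verify against ipfwadm(8).
masq_rules_20() {
    run ipfwadm -F -p deny
    run ipfwadm -F -f
    run ipfwadm -F -a m -S "$PPP_NET" -D 0.0.0.0/0 -W "$PUB_IF"
}

# Print (or load) the 2.2 rule set when run as a script.
enable_forwarding
masq_rules
```

Note that this only handles the masquerading side. If Dave later does want dial-in users to reach an office LAN (Charles's small-business case), that is a second forward rule from $PPP_NET to the LAN's subnet with the internal NIC as "-i", added before the policy applies, not a reason to change the policy itself.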