"Norby" wrote:

> ... the recommended practice was to execute the ipchains firewalling
> commands in ip-up rather than rc.firewall.  Then to undo those
> commands in ip-down.
>
> It seems to work fine for me.  Forwarding and ip_dynaddr kept enabled
> at all times, but the actual masquerading is not in effect until after
> a link comes up.  Not sure if it really matters, but the setup works
> for me.

Just a second on this.  With 0.99.1, ethertap, 2.2.13 (Mandrake 6.1)
this works very reliably for me at two different sites.  No more first
packet loss (that I've noticed), although the Windows clients usually
time out before the link comes up.  What was that registry setting
again?

I do remember reading something that implied (to me) that you need to
have forwarding working before the first packet will get through,
because it needs to be forwarded from the tap interface (where it
caused the link to come up) to the ppp interface.  This would mean
that you need to enable /proc/...ip_forwarding AND have a working
forwarding rule set in place.

I just checked this at home, where I don't run forwarding, and sure
enough, the first packet is lost.  I guess I never noticed it before
because most times the connection is brought up for host name
resolution, which is retried by the client, not IP.

Oh, I just remembered something else (this is unusual!).  I bring up
the firewall/forwarding rules in the addroute script, before traffic
is routed to the ppp interface.  That way there's no gap when the
external interface is in use but the rules are not in place.

<Joe
-- 
 Joe Smith
 [EMAIL PROTECTED]
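
The ordering described in the message above (rules in place before traffic is routed to the ppp interface), as an added example that is not part of the original post or of diald itself. Assumptions: diald calls the addroute script with the interface as the first argument and the metric as the fifth; the LAN subnet, the `DRY_RUN` switch and the function names are hypothetical.

```shell
#!/bin/sh
# Illustrative addroute script: firewall and forwarding first, route last.
# Assumed argument order: <iface> <netmask> <local-ip> <remote-ip> <metric>
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed internal subnet

# run: execute a command, or only print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# set_proc: write a value to a /proc entry (printed only when DRY_RUN=1)
set_proc() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "echo $1 > $2"
    else
        echo "$1" > "$2"
    fi
}

addroute_with_firewall() {
    iface="$1"; metric="${5:-0}"
    # Refuse anything that is not a plain interface name such as ppp0.
    case "$iface" in
        ""|*[!A-Za-z0-9]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    # 1. Default-deny forwarding, then allow only masqueraded LAN traffic
    #    leaving through the external interface.
    run ipchains -P forward DENY || return 1
    run ipchains -F forward || return 1
    run ipchains -A forward -i "$iface" -s "$LAN_NET" -j MASQ || return 1
    # 2. Kernel switches mentioned in the thread.
    set_proc 1 /proc/sys/net/ipv4/ip_dynaddr || return 1
    set_proc 1 /proc/sys/net/ipv4/ip_forward || return 1
    # 3. Only now send traffic to the interface; if any step above failed,
    #    the route is never added, so there is no unfiltered window.
    run route add default metric "$metric" dev "$iface"
}

# Run only when called with the arguments assumed above.
if [ "$#" -ge 4 ]; then
    addroute_with_firewall "$@"
fi
```

Running it with `DRY_RUN=1` prints the commands in order without touching the firewall or routing table.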

