On Fri, Oct 23, 1998 at 09:53:30AM -0400, Derek T. Murphy wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I have this problem: Dial-in users are forwarded/masqueraded properly to
> the WAN, but they CANNOT see the local network. I'm _sure_ the
> fumble-fingered idiot behind my keyboard ;-) is missing something, but I
> can't figure out what. Any ideas?
>
>
> The setup:
> -----------------
> - ----------- | Linux-2.0.34 |
> | dial-up |<---->ppp0 |
> |static IP| | eth0<====>192.168.36.0 local network
> | address | | 192.168.36.50|
> - ----------- | |
> | eth1<====>204.4.21.240 router to the "world"
> | 204.4.21.50 |
> -----------------
>
> On boot-up, this script DOES run:
>
> #!/bin/sh
> # /etc/rc.d/rc.ipfwadm
> PATH=/sbin:/usr/sbin:/usr/bin:/usr/sbin
> ipfwadm -I -f
> ipfwadm -O -f
> ipfwadm -F -f
> ipfwadm -F -a accept -S 192.168.36.0/24 -D 192.168.36.0/24 -o
> ipfwadm -F -a masquerade -S 192.168.36.0/24 -D 204.4.0.0/16 -o
> ipfwadm -F -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
> # End of rc.inet1
>
> When a dial-in happens, /etc/ppp/ip-up IS executed: $1 is the interface
> name, and $5 IS the dial-in user's static IP address (they all have one).
>
> #!/bin/sh
> # /etc/ppp/ip-up
> /sbin/ipfwadm -F -i accept -W $1 -S 192.168.36.0/24 -D $5 -o
> /sbin/ipfwadm -F -i accept -W $1 -S $5 -D 0.0.0.0/0 -o
                             ^^^^^

For forwarding rules, -W specifies the interface out through which packets
should be forwarded. So by specifying -W $1 in the rule to forward the dialup
users to the Internet, you're telling it to forward the packet through the PPP
interface, rather than eth1. Try -W eth1 there and see what happens.

Chris