Hi guys - I'm using Masq and RedHat 5.1 with DSL; and not having any
problems - but, there's a few gotchas.

Here's the deal:

When you connect your Linux box to the DSL "modem", you are in effect
putting that box directly on your ISP's network (and the internet).  If you
connect the modem to a HUB, and then connect the hub to more than one box;
then BOTH of those boxes need IP addresses IN YOUR ISP's address space
(because they'll both be on the ISP's network).  This is probably NOT what
you want; both in terms of what you want to pay your ISP and in terms of
security.

So - what you need to do is have a multi-homed host.  So, on your "masq'ing"
machine, you need to get ANOTHER NIC; and plug the DSL modem into that.
Then; you can treat that NIC and the ISP's address just like a PPP
connection in the MASQ docs.

As far as security goes - you need it!  Take a look at the IP Firewall
documentation, and at TCP-WRAPPERS.  The Trinity OS is also a good starting
point.

Good luck!

Clay Jackson
[EMAIL PROTECTED]


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Caleb Shay
> Sent: Friday, December 04, 1998 11:11 PM
> To: Masq
> Subject: [masq] Another Masq under DSL
>
>
> Hi,
> I think I'm close, but somebody just has to tell me what I'm doing
> wrong.
> I would try to explain it, but I can't, so here's a picture.
> Here's the setup:
>
>                 DSL-Modem
>                     |
>       _____________Hub_______
>      |                       |
>   Box A                    Box B
> (eth0 is static           (eth0 is
> eth0:0 is                 192.168.1.2
> 192.168.1.1)              and gateway is
>                           192.168.1.1)
>
> I have all the requisite options compiled into my kernel (2.1.131), and
> Box A and Box B can see each other, and Box A can see the outside world,
> but Box B only kind of sees it.  What I mean is this:
>
> boxb% traceroute www.yahoo.com
> 1 192.168.1.1
> ---
> --- (doing hops here)
> ---
> 11 www7.yahoo.com [204.71.200.72]
>
> I think to myself "Great, got this working first try!".  But, trying to
> browse to any page in a web browser fails.  I can telnet to machines
> outside without a problem, I can ping, etc.  But web browsing fails.
> Since the only reason for setting this up was so that BoxB could browse
> the web I haven't succeeded yet.
>
> I have the following in my startup scripts:
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> /sbin/ifconfig eth0:0 192.168.1.1
> /sbin/route add -net 192.168.1.0 dev eth0:0
> (This line returns "SIOCADDRT: Invalid argument", which I'm sure is bad,
> but since this is technically a different network, don't I need this?)
> /sbin/ipchains -F input
> /sbin/ipchains -F output
> /sbin/ipchains -F forward
> /sbin/ipchains -P input ACCEPT
> /sbin/ipchains -P output ACCEPT
> /sbin/ipchains -P forward MASQ
> /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
>
> I know that this provides no security, but I don't see how it's any LESS
> secure than just having one machine hooked to the internet without any
> type of firewall.  If I'm horribly wrong here, let me know.
>
> Thank you for your time,
>
> Caleb Shay
>
>
>
>
> --
> I have too much blood in my caffeine system.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For daily digest info, email [EMAIL PROTECTED]
>
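
The dual-homed layout recommended in the reply above, as an added example that is not part of either poster's message: a shell function that prints (but does not run) an ipchains rule set which masquerades only LAN traffic leaving through the modem-facing NIC and denies all other forwarding. The interface names (eth1 toward the DSL modem, eth0 toward the LAN) and the function name `masq_rules` are assumptions; the 192.168.1.0/24 network is the one from the original post.

```shell
#!/bin/sh
# Added example: emit an ipchains rule set for a two-NIC masquerading host.
# Nothing is applied; review the output, then pipe it to sh as root.

masq_rules() {
    ext_if=$1   # NIC cabled to the DSL modem (assumed name, e.g. eth1)
    int_if=$2   # NIC on the private LAN (assumed name, e.g. eth0)
    lan=$3      # private network in a.b.c.d/nn form

    # Refuse anything but digits, dots and one slash so stray input
    # can never end up inside the generated commands.
    case $lan in
        *[!0-9./]*|*/*/*) echo "bad LAN spec: $lan" >&2; return 1 ;;
        */*) ;;
        *) echo "LAN spec needs a /prefix: $lan" >&2; return 1 ;;
    esac
    # One NIC with an alias puts the LAN on the ISP's wire; require two.
    if [ -z "$ext_if" ] || [ "$ext_if" = "$int_if" ]; then
        echo "need two distinct interfaces" >&2
        return 1
    fi

    cat <<EOF
# Start from empty chains
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
# Forward nothing unless a rule below says so
/sbin/ipchains -P forward DENY
# Anti-spoofing: private or loopback sources must never arrive from outside
/sbin/ipchains -A input -i $ext_if -s $lan -j DENY -l
/sbin/ipchains -A input -i $ext_if -s 127.0.0.0/8 -j DENY -l
# Masquerade LAN traffic only when it leaves via the external NIC
# (in the forward chain, -i matches the outgoing interface)
/sbin/ipchains -A forward -i $ext_if -s $lan -j MASQ
# Enable routing last, once the rules are in place
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Print the rule set for the network used in this thread
masq_rules eth1 eth0 192.168.1.0/24
```

This tightens the forward chain only; services listening on the masquerading box itself still need input rules and TCP wrappers, as the reply says.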
