update Re: [Techtalk] interfacing ppp0 with eth0 ?

dominik.schramm at gmxpro.net
Sat Jan 3 02:43:33 EST 2004


Hi again (and last time for today),

mic <mic at linefeed.org> writes:
> summary:
> -gateway comp is on-line (thanks)
> -lan is functioning (right now as we speak i am sshing into the gateway
> from a lan comp)
> -this lan comp can not get access on-line otherwise

Your iptables rules are okay? 
Did you turn on ip-forwarding and masquerading on the gateway host?

> i couldn't think of why to give eth0 an ip address, so other than auto, i
> ignored it

That's what the HowTo said, stating that it is necessary 
although it sounds stupid. I never questioned it. :-)

> -su-2.05b# netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags MSS Window irtt Iface
> 66.123.200.254  0.0.0.0         255.255.255.255 UH      0 0         0 ppp0
> 10.0.0.0        0.0.0.0         255.0.0.0       U       0 0         0 eth1
> 0.0.0.0         66.123.200.254  0.0.0.0         UG      0 0         0 ppp0
> ----------------------------------------------------------------
> as i understand it,
> -line 1 says that anything destined for the outside world should go
> through ppp0

Anything destined for the host 66.123.200.254 should go via ppp0.

> -line 2 says that anything destined for 10.x.x.x should go thru the eth1
> and this is the line that i need to add some firewalling on.

Firewalling for what? For blocking unwanted traffic from the internet?
I'd do this on ppp0, because that is the internet-side interface.

> -line 3 says that to go anywhere from the lan, use ppp0

Line 3 is the catch-all entry: any destination (for which there 
was no match in the routing table so far) is routed via 66.123.200.254/ppp0.

> so i am not so sure why i am not getting on line from this lan comp, but i
> am sure there could still be many reasons.

Now that the gateway machine is on-line, I'd double-check the
iptables rules. If you have any entries apart from masquerading
at all, I'd delete them while testing. You can re-add them one
after the other when everything else works.
I've often had such problems.

regards,
dominik
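
The reading of the three routing-table lines discussed above can be checked mechanically. The following is an added example, not part of the original message: it parses the quoted `netstat -rn` output and applies longest-prefix matching, the rule the kernel uses to pick a route. The function names and the sample destinations `10.0.0.7` and `192.0.2.10` are assumptions made for illustration.

```python
import ipaddress

# Routing table as quoted in the message above (netstat -rn output).
NETSTAT_RN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
66.123.200.254  0.0.0.0         255.255.255.255 UH      0 0         0 ppp0
10.0.0.0        0.0.0.0         255.0.0.0       U       0 0         0 eth1
0.0.0.0         66.123.200.254  0.0.0.0         UG      0 0         0 ppp0
"""

def parse_routes(text):
    """Parse `netstat -rn` rows into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the banner, the column header and anything that is not a route row.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, genmask, flags, iface = (
            fields[0], fields[1], fields[2], fields[3], fields[7])
        network = ipaddress.ip_network(f"{dest}/{genmask}")
        routes.append((network, gateway, flags, iface))
    return routes

def lookup(routes, destination):
    """Return the route with the longest matching prefix, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # no route to host
    return max(matches, key=lambda r: r[0].prefixlen)

def describe(routes, destination):
    """Explain in one line how a packet to `destination` would be routed."""
    route = lookup(routes, destination)
    if route is None:
        return f"{destination}: unreachable"
    network, gateway, flags, iface = route
    # The G flag means the packet is handed to a gateway, not delivered on-link.
    hop = f"via gateway {gateway}" if "G" in flags else "directly on-link"
    return f"{destination}: matches {network}, sent {hop} out {iface}"

if __name__ == "__main__":
    table = parse_routes(NETSTAT_RN)
    # Constructed sample destinations: the PPP peer, a LAN host, an Internet host.
    for dst in ("66.123.200.254", "10.0.0.7", "192.0.2.10"):
        print(describe(table, dst))
```

The routing table only decides the outgoing interface on the gateway itself; whether packets from a LAN host are actually relayed still depends on IP forwarding and the masquerading rule mentioned in the message.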


