Newbie Help -> VPN client thru kernel 2.4.10 MASQ?

Post by Hiro Protagonis » Sat, 26 Jan 2002 12:41:52



Hello All,
Please help a linux newbie, bear with me,
I'm sharing a cable modem connection.
A linux host (suse 7.3 kernel 2.4.10) with IP masquerade.
A win98 VPN client laptop, Bay Networks(Nortel) ExtraNet Client Software
(IPsec) no header authentication.
I've gone systematically through all the relevant How-To's and got the basic
network (home LAN eth1 sharing the internet eth0) working, phew.
What I want to know specifically is how to set up linux to get the client
VPN tunnel to pass through. I understand that in older kernels 2.2.x there
was a patch for IPchains but none for 2.4.x and IPtables. The only pointer
was to;
ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
and he wrote this;

> 2.4.x-series kernels
> Masquerading a single VPN client using IPtables is fairly simple to
> set up, and requires no special patches.
> #!/bin/bash
> # Load the NAT module (this pulls in all the others).
> /sbin/modprobe iptable_nat

> modprobe ip_conntrack_ftp
> modprobe ip_nat_ftp

> # CBQ setup
> /usr/local/sbin/iptables -I PREROUTING -t mangle -p tcp -d JoshuaEichorn.com -j MARK --set-mark 1

> /sbin/tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:1

> # In the NAT table (-t nat), Append a rule (-A) after routing
> # (POSTROUTING) for all packets going out ppp0 (-o ppp0) which says to
> # MASQUERADE the connection (-j MASQUERADE).
> /usr/local/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

> # Turn on IP forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward

Ok, simple right? Well, not for me, I need it spelled out a little more.
What does that CBQ setup mean exactly, the commands and switches? How do I
personalize this script for my configuration? That whole
middle section, between modprobe and IP forwarding is giving me a brain
lock, could someone let me in on what he is saying I need to do?
Where does this file go and how do I set it up to run on boot up?
Any help is greatly appreciated, thanks,

Bryan

 
 
 


Post by Steve Cowle » Sat, 26 Jan 2002 23:11:33



> Hello All,
> Please help a linux newbie, bear with me,
> I'm sharing a cable modem connection.
> A linux host (suse 7.3 kernel 2.4.10) with IP masquerade.
> A win98 VPN client laptop, Bay Networks(Nortel) ExtraNet Client Software
> (IPsec) no header authentication.
> I've gone systematically through all the relevant How-To's and got the basic
> network (home LAN eth1 sharing the internet eth0) working, phew.
> What I want to know specifically is how to set up linux to get the client
> VPN tunnel to pass through. I understand that in older kernels 2.2.x there
> was a patch for IPchains but none for 2.4.x and IPtables. The only pointer
> was to;
> ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
> and he wrote this;

The website you are referencing contains dated material. Try:
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

It's a little more up to date.

Steve Cowles
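
An added example, not part of either post or of the quoted page: the quoted script's masquerading steps adapted to the layout described in the first post, assuming eth0 is the Internet side and eth1 the home LAN. It leaves out the mangle MARK and `tc filter` lines, which mark and classify traffic for shaping and play no part in masquerading; the FORWARD rules and the `emit`, `valid_if` and `masq_rules` helper names are additions made for this example.

```shell
#!/bin/sh
# Added example: dry-run generator for the masquerading rules.
# Assumed layout (from the first post): eth0 = Internet, eth1 = home LAN.

# Print one command, or run it when APPLY=1 (needs root).
emit() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Accept only plain interface names such as eth0 or ppp0.
valid_if() {
    case "$1" in
        ''|*[!a-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

masq_rules() {
    ext_if=$1
    lan_if=$2
    valid_if "$ext_if" || { echo "bad external interface" >&2; return 2; }
    valid_if "$lan_if" || { echo "bad LAN interface" >&2; return 2; }
    [ "$ext_if" != "$lan_if" ] || { echo "interfaces must differ" >&2; return 2; }

    # Load the NAT module, as in the quoted script.
    emit /sbin/modprobe iptable_nat
    # Forward only LAN-initiated traffic and the replies to it.
    emit iptables -P FORWARD DROP
    emit iptables -A FORWARD -i "$lan_if" -o "$ext_if" -j ACCEPT
    emit iptables -A FORWARD -i "$ext_if" -o "$lan_if" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Masquerade on the Internet-facing interface, not the LAN one.
    emit iptables -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE
    # Turn on IP forwarding.
    emit sysctl -w net.ipv4.ip_forward=1
}

# Dry run for the layout in the post; set APPLY=1 as root to apply.
masq_rules eth0 eth1
```

Run as shown, it only prints the commands so they can be reviewed before anything on the gateway changes.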

 
 
 
