IP-Forwarding PPP-LAN but not LAN-LAN

Post by PETERS Maschinenfabrik Gmb » Thu, 04 May 2000 04:00:00



Hi!

We have a Linux-Server (SuSE6.2) with 2 network-cards (different
TCP/IP-networks on each card).
We cannot allow any IP-Forwarding between these two cards.

Now - the problem is that we also want to use a modem for a PPP-connection
to one of these TCP/IP-networks.
At the moment this is only working when we set IP_FORWARDING to "yes"; but
now the Linux-Server may also
forward IP-traffic between both network cards.

I'm looking for a simple solution to solve this problem.
I haven't yet worked with firewalls, but in my opinion I will need to use
one.

Does anyone have any experiences / hints to help me in this problem?

Thanks in advance

Martin Pauly

 
 
 


Post by Tom East » Thu, 04 May 2000 04:00:00



>Hi!

>We have a Linux-Server (SuSE6.2) with 2 network-cards (different
>TCP/IP-networks on each card).
>We cannot allow any IP-Forwarding between these two cards.

>Now - the problem is that we also want to use a modem for a PPP-connection
>to one of these TCP/IP-networks.
>At the moment this is only working when we set IP_FORWARDING to "yes"; but
>now the Linux-Server may also
>forward IP-traffic between both network cards.

>I'm looking for a simple solution to solve this problem.
>I haven't yet worked with firewalls, but in my opinion I will need to use
>one.

>Does anyone have any experiences / hints to help me in this problem?

You'll need to do this in your startup scripts:

ipchains -A forward -b -s <one network> -d <other network> -j REJECT

For example, if your networks are 192.168.1.0/24 and 10.0.0.0/8 then your
rule would be:

ipchains -A forward -b -s 192.168.1.0/24 -d 10.0.0.0/8 -j REJECT

-Tom
--
Tom Eastep             \  Eastep's First Principle of Computing:
ICQ #60745924           \  "Any sane computer will tell you how it

Shoreline, Washington USA \___________________________________________
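
The following Python model of the forward chain is an added example, not part of the original posts: it shows which packets the rule in the reply above rejects and which still get forwarded. It assumes the forward chain policy is ACCEPT and uses constructed packet addresses and hypothetical function names. Because the rule matches on addresses rather than interfaces, the last case shows that a PPP peer numbered outside both networks would not be covered by it.

```python
import ipaddress

# Networks taken from the example rule in the reply above.
NET_A = ipaddress.ip_network("192.168.1.0/24")
NET_B = ipaddress.ip_network("10.0.0.0/8")

def expand_bidirectional(src, dst, target):
    """Model ipchains -b: one command installs the rule for both directions."""
    return [(src, dst, target), (dst, src, target)]

def forward_verdict(rules, src_ip, dst_ip, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy applies.
    The ACCEPT default is an assumption about the server's forward chain."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, target in rules:
        if s in src_net and d in dst_net:
            return target
    return policy

# ipchains -A forward -b -s 192.168.1.0/24 -d 10.0.0.0/8 -j REJECT
FORWARD = expand_bidirectional(NET_A, NET_B, "REJECT")

# Constructed test packets (all host addresses are assumptions).
CASES = {
    "LAN A -> LAN B": ("192.168.1.20", "10.1.2.3"),
    "LAN B -> LAN A": ("10.1.2.3", "192.168.1.20"),
    "PPP peer numbered in LAN A -> LAN A host": ("192.168.1.200", "192.168.1.20"),
    "PPP peer numbered in LAN A -> LAN B host": ("192.168.1.200", "10.1.2.3"),
    "PPP peer numbered outside both -> LAN B host": ("172.16.0.9", "10.1.2.3"),
}

def evaluate(cases=CASES, rules=FORWARD):
    """Return the forward-chain verdict for every named test packet."""
    return {name: forward_verdict(rules, s, d) for name, (s, d) in cases.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{verdict:7} {name}")
```
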

 
 
 

1. Port forwarding, NAT and LAN-to-LAN connections

Hello all,

Here's a stumper. I'm using Debian 2.2 and ipchains to set up a bunch
of services running on a LAN with only one external host doing
port-by-port forwarding to the hosts on the LAN. So,
External IP 24.68.84.12:80  forwarded to --> 192.168.1.2:80
and
External IP 24.68.84.12:25 forwarded to --> 192.168.1.2:25

With a couple of simple statements to ipmasqadm:
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L 24.68.84.12 80 -R 192.168.1.2 80
ipmasqadm portfw -a -P tcp -L 24.68.84.12 25 -R 192.168.1.2 25

this works like a charm in all cases but one-- when the connection is
initiated from a host inside of the LAN. So, if host 192.168.1.10
tries to connect to 24.68.84.12:80, nothing happens. tcpdump shows
that packets are flying about, but the connection is never officially
opened.

I suspect that this has to do with the way that MASQ works in linux,
but I am not sure. I have scoured this list and it seems that the only
thing that comes close in posting is this post:
http://groups.google.com/groups?hl=en&threadm=3a1a4b0e.0%40d2o68.teli...

but there was never an acceptable resolution. Using DNS to
short-circuit the firewall's NAT seems kludgey.

Any help would be greatly appreciated.

Antonio

PS the rest of my rules are set as promiscuous as possible for the
purposes of solving this problem:

ipchains -F
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
ipchains -A forward -s 192.168.1.0/24 -j MASQ

and everything else (NAT, forwarding from an external address) is
working just fine.
