Провайдим с помощью mgetty

Уважаемый "Андрей Селуков" !!!

Sunday, December 28, 2003, 8:08:57 PM, you wrote:

Наверно машина просто не знает че делать с вашими пакетами? как насчет
настройки форвардинга ваших пакетов? А лучше всего - сделать
макарадинг, но для этого надо ядро пересобирать помоему (хотя я не
уверен) вообщем копать в сторону "как включить маскарадинг".
Да поможет вам великий яндекс.

--

С Уважением,

Сергей.

-*Информационный канал Subscribe.Ru
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Отписаться: mailto:comp.soft.linux.discuss--unsub@subscribe.ru

http://subscribe.ru/ mailto:ask@subscribe.ru

Здравствуйте, Sergey.

Вы писали 29 декабря 2003 г., 2:25:30:

Кстати, аналогичная проблема... Подрубаюсь. Инет работает. А сеть не
вижу. Хочу чтобы мой комп сеть видел. Что покрутить нужно.

Здравствуйте, Prior.

Вы писали 29 декабря 2003 г., 11:34:32:

если не пингуется - в сторону роутинга, если нужна виндовая сеть - в сторону
WINS-сервера.

В сообщении от Понедельник 29 Декабрь 2003 05:25 Sergey Tamkovich написал:

1. Установить маску сети и ip-адрес из твоей сеть т.е. если eth0 -
192.168.0.1/24 следовательно для pppd в файле /etc/ppp/options
192.168.0.25:192.168.0.200 где 192.168.0.25 -адрес сервера 192.168.0.200 адрес

клиента тамже указать proxyarp чтобы остальные машины в eth0 не терялись куда

пакеты отправлять ... :) дополнительно читай man pppd там очень доходчиво ...

:)

-*Информационный канал Subscribe.Ru
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Отписаться: mailto:comp.soft.linux.discuss--unsub@subscribe.ru

http://subscribe.ru/ mailto:ask@subscribe.ru

Я установил ip_adress
eth0 Link encap:Ethernet HWaddr 00:04:79:67:B1:AB
inet addr:192.168.2.72 Bcast:192.168.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2902 (2.8 Kb) TX bytes:3622 (3.5 Kb)
Interrupt:11 Base address:0xd400

мой /etc/ppp/options
<--BEGIN-->
#//add
192.168.2.52:192.168.2.200
nodetach
#end_of_add

asyncmap 0
crtscts
lock
modem
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
<--END-->

я согласно почитанному в /usr/doc/LINUX_HOWTOs/IP-Masquerade-HOWTO
я включил маскаринг
мой rc.firewall
<Begin>
#!/bin/sh
#
# rc.firewall-2.4
FWVER=0.75
#
# Initial SIMPLE IP Masquerade test for 2.4.x kernels
# using IPTABLES.
#
# Once IP Masquerading has been tested, with this simple
# ruleset, it is highly recommended to use a stronger
# IPTABLES ruleset either given later in this HOWTO or
# from another reputable resource.
#
#
#
# Log:
# 0.75 - Added more kernel modules to the comments section
# 0.74 - the ruleset now uses modprobe vs. insmod
# 0.73 - REJECT is not a legal policy yet; back to DROP
# 0.72 - Changed the default block behavior to REJECT not DROP
# 0.71 - Added clarification that PPPoE users need to use
# "ppp0" instead of "eth0" for their external interface
# 0.70 - Added commented option for IRC nat module
# - Added additional use of environment variables
# - Added additional formatting
# 0.63 - Added support for the IRC IPTABLES module
# 0.62 - Fixed a typo on the MASQ enable line that used eth0
# instead of $EXTIF
# 0.61 - Changed the firewall to use variables for the internal
# and external interfaces.
# 0.60 - 0.50 had a mistake where the ruleset had a rule to DROP
# all forwarded packets but it didn't have a rule to ACCEPT
# any packets to be forwarded either
# - Load the ip_nat_ftp and ip_conntrack_ftp modules by default
# 0.50 - Initial draft
#

echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"

# The location of the iptables and kernel module programs
#
# If your Linux distribution came with a copy of iptables,
# most likely all the programs will be located in /sbin. If
# you manually compiled iptables, the default location will
# be in /usr/local/sbin
#
# ** Please use the "whereis iptables" command to figure out
# ** where your copy is and change the path below to reflect
# ** your setup
#
#IPTABLES=/sbin/iptables
IPTABLES=/usr/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

#Setting the EXTERNAL and INTERNAL interfaces for the network
#
# Each IP Masquerade network needs to have at least one
# external and one internal network. The external network
# is where the natting will occur and the internal network
# should preferably be addressed with a RFC1918 private address
# scheme.
#
# For this example, "eth0" is external and "eth1" is internal"
#
#
# NOTE: If this doesnt EXACTLY fit your configuration, you must
# change the EXTIF or INTIF variables above. For example:
#
# If you are a PPPoE or analog modem user:
#
# EXTIF="ppp0"
#
#
EXTIF="ppp0"
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"

##== No editing beyond this line is required for initial MASQ testing ==

echo -en " loading modules: "

# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a

# With the new IPTABLES code, the core MASQ functionality is now either
# modular or compiled into the kernel. This HOWTO shows ALL IPTABLES
# options as MODULES. If your kernel is compiled correctly, there is
# NO need to load the kernel modules manually.
#
# NOTE: The following items are listed ONLY for informational reasons.
# There is no reason to manual load these modules unless your
# kernel is either mis-configured or you intentionally disabled
# the kernel module autoloader.
#

# Upon the commands of starting up IP Masq on the server, the
# following kernel modules will be automatically loaded:
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ
# modules are shown below but are commented out from loading.
# echo "----------------------------------------------------------------------"

#Load the main body of the IPTABLES module - "iptable"
# - Loaded automatically when the "iptables" command is invoked
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_tables, "
$MODPROBE ip_tables

#Load the IPTABLES filtering module - "iptable_filter"
# - Loaded automatically when filter policies are activated

#Load the stateful connection tracking framework - "ip_conntrack"
#
# The conntrack module in itself does nothing without other specific
# conntrack modules being loaded afterwards such as the "ip_conntrack_ftp"
# module
#
# - This module is loaded automatically when MASQ functionality is
# enabled
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack

#Load the FTP tracking mechanism for full FTP tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp

#Load the IRC tracking mechanism for full IRC tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc

#Load the general IPTABLES NAT code - "iptable_nat"
# - Loaded automatically when MASQ functionality is turned on
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "iptable_nat, "
$MODPROBE iptable_nat

#Loads the FTP NAT functionality into the core IPTABLES code
# Required to support non-PASV FTP.
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp

#Loads the IRC NAT functionality into the core IPTABLES code
# Required to support NAT of IRC DCC requests
#
# Disabled by default -- remove the "#" on the next line to activate
#
#echo -e "ip_nat_irc"
#$MODPROBE ip_nat_irc

echo "----------------------------------------------------------------------"

# Just to be complete, here is a partial list of some of the other
# IPTABLES kernel modules and their function. Please note that most
# of these modules (the ipt ones) are automatically loaded by the
# master kernel module for proper operation and don't need to be
# manually loaded.
# #
# ip_nat_snmp_basic - this module allows for proper NATing of some
# SNMP traffic
#
# iptable_mangle - this target allows for packets to be
# manipulated for things like the TCPMSS
# option, etc.
#
# --
#
# ipt_mark - this target marks a given packet for future action.
# This automatically loads the ipt_MARK module
#
# ipt_tcpmss - this target allows to manipulate the TCP MSS
# option for braindead remote firewalls.
# This automatically loads the ipt_TCPMSS module
#
# ipt_limit - this target allows for packets to be limited to
# to many hits per sec/min/hr
#
# ipt_multiport - this match allows for targets within a range
# of port numbers vs. listing each port individually
#
# ipt_state - this match allows to catch packets with various
# IP and TCP flags set/unset
#
# ipt_unclean - this match allows to catch packets that have invalid
# IP/TCP flags set
#
# iptable_filter - this module allows for packets to be DROPped,
# REJECTed, or LOGged. This module automatically
# loads the following modules:
#
# ipt_LOG - this target allows for packets to be
# logged
#
# ipt_REJECT - this target DROPs the packet and returns
# a configurable ICMP packet back to the
# sender.
#

echo -e " Done loading modules.\n"

#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP,
# enable this following option. This enables dynamic-address hacking
# which makes the life with Diald and similar programs much easier.
#
echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# Enable simple IP forwarding and Masquerading
#
# NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
# NOTE #2: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet
mask
# connecting to the Internet on external interface "eth0". This
# example will MASQ internal traffic out to the Internet but not
# allow non-initiated traffic into your internal network.
#
#
# ** Please change the above network numbers, subnet mask, and your
# *** Internet connection interface name to match your setup
#

#Clearing any previous configuration
#
# Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
# The default for FORWARD is DROP (REJECT is not a valid policy)
#
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED

-j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nDone.\n"
<END>

поставил mgetty

Клиент подключается через модемное соединение ppp0 ему дается
ip_address 192.168.2.200

Клиент может про пиндовать машину 192.168.2.72 (eth0 машина на которой
установлен модем), но не может пропинговать 192.168.2.73 ????
почему не работает ??

и вот какое-то сообщение выподит dmesg
PPP generic driver version 2.4.2
PPP BSD Compression module registered
PPP Deflate Compression module registered
device ppp0 entered promiscuous mode
IN=ppp0 OUT=eth0 SRC=192.168.2.200 DST=192.168.2.73 LEN=60 TOS=0x00 PREC=0x00

TTL=127 ID=58 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=256
IN=ppp0 OUT=eth0 SRC=192.168.2.200 DST=192.168.2.73 LEN=60 TOS=0x00 PREC=0x00

TTL=127 ID=59 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=512
IN=ppp0 OUT=eth0 SRC=192.168.2.200 DST=192.168.2.73 LEN=60 TOS=0x00 PREC=0x00

TTL=127 ID=60 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=768
device ppp0 left promiscuous mode
IN=ppp0 OUT=eth0 SRC=192.168.2.200 DST=192.168.2.73 LEN=60 TOS=0x00 PREC=0x00

TTL=127 ID=61 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1024
device ppp0 entered promiscuous mode
device ppp0 left promiscuous mode
IN=ppp0 OUT=eth0 SRC=192.168.2.200 DST=192.168.2.73 LEN=60 TOS=0x00 PREC=0x00

TTL=127 ID=76 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=2304
device ppp0 entered promiscuous mode

Подскажите что-нибудь?

С уважением Андрей

В сообщении от 7 Январь 2004 09:17 labiri***@m*****.ru написал(a):

-*Информационный канал Subscribe.Ru
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Отписаться: mailto:comp.soft.linux.discuss--unsub@subscribe.ru

http://subscribe.ru/ mailto:ask@subscribe.ru

В сообщении от Среда 07 Январь 2004 20:02 Selukov Andrey написал:

firewall это конечно хорошо, но доводить до абсурда не надо ....
Должно работать без firewall, а усложнить себе жизнь можно и после ...
Для начала
cat /proc/sys/net/ipv4/ip_forward
должно быть 1
если 0 то
[root@localhost /]# echo "1">/proc/sys/net/ipv4/ip_forward

-*Информационный канал Subscribe.Ru
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Отписаться: mailto:comp.soft.linux.discuss--unsub@subscribe.ru

http://subscribe.ru/ mailto:ask@subscribe.ru

Андрей Селуков wrote:

1. Пришлите содержание файла

/etc/ppp/options

либо

/etc/ppp/options.ttyS0

2. После того, как приконнектились,
зайдите на dial-in server, дайте

route -n

покажите результат.

-*Информационный канал Subscribe.Ru
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Отписаться: mailto:comp.soft.linux.discuss--unsub@subscribe.ru

http://subscribe.ru/ mailto:ask@subscribe.ru