今更ながら、dialup router。めもめも。
■kpppの設定
eth0とか生きてて、default routeが設定されていると、pppが堕ちるヨ。
■NAT
kernel 2.4.x系は、IP MASQが無くなったので、packet filteringを使う。
kernelの設定は、以下。
Networking options
Network packet filtering y
Network packet filtering debugging y
IP netfilter configuration
Connection tracking (required for masq/NAT) m
FTP protocol support m
IRC protocol support m
IP tables support (required for filtering/masq/NAT) m
limit match support m
MAC address match support m
netfilter MARK match support m
Multiple port match support m
TOS match support m
tcpmss match support m
Connection state match support m
Unclean match support (EXPERIMENTAL) m
Owner match support (EXPERIMENTAL) m
Packet filtering m
REJECT target support m
MIRROR target support (EXPERIMENTAL) m
Full NAT m
MASQUERADE target support m
REDIRECT target support m
Packet mangling m
TOS target support m
MARK target support m
LOG target support m
ipchains (2.2-style) support y
kernel compile後、rebootして、更に以下を設定。rc.localにでも入れておけばよし。
echo 1 >/proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
いじょ。
3月 9 2007
dialup router
今更ながら、dialup router。めもめも。
■kpppの設定
eth0とか生きてて、default routeが設定されていると、pppが堕ちるヨ。
■NAT
kernel 2.4.x系は、IP MASQが無くなったので、packet filteringを使う。
kernelの設定は、以下。
Networking options
Network packet filtering y
Network packet filtering debugging y
IP netfilter configuration
Connection tracking (required for masq/NAT) m
FTP protocol support m
IRC protocol support m
IP tables support (required for filtering/masq/NAT) m
limit match support m
MAC address match support m
netfilter MARK match support m
Multiple port match support m
TOS match support m
tcpmss match support m
Connection state match support m
Unclean match support (EXPERIMENTAL) m
Owner match support (EXPERIMENTAL) m
Packet filtering m
REJECT target support m
MIRROR target support (EXPERIMENTAL) m
Full NAT m
MASQUERADE target support m
REDIRECT target support m
Packet mangling m
TOS target support m
MARK target support m
LOG target support m
ipchains (2.2-style) support y
kernel compile後、rebootして、更に以下を設定。rc.localにでも入れておけばよし。
echo 1 >/proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
いじょ。
By admin • computer(server) •