Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] Masquerading unter Kernel 2.4
On Monday 07 January 2002 14:11, you wrote:

> I seem to have a problem with getting my LAN into the net.
> I've set up a new 7.3-system (Kernel 2.4) which sould act as a
> router/proxy/firewall between the LAN and the internet (I don't like my
> users surfing in the net directly *g*). My own workstation should be able
> to connect to the net directly while the rest of the LAN has to use squid,
> so I have to activate Masquerading. But this won't work. I normally use:
>
> ipchains -P forward MASQ
> ipchains -A forward -s 192.168.0.110 -j MASQ
>
> But this won't work anymore. Is there a new syntax for it ?

Yes! But if your users use squid you do not need to masquerade. Force them
to use the squid proxy cache!

Check out the squid docs, on how to automate the proxy settings for Nutscrape
and Internet Exploiter.

Then go to google.com/linux and search for 'netfilter iptables' and read a
tutorial on it, you won't look back once you've got the hang of it, it's an
improvement on ipchains in most respects.

Rob

> Second problem is, when opening a connection (ADSL) with rp-pppoed the
> connection is done, I get my dynamic IP, but can't connect to any host in
No idea on this one, but maybe check that 'dynamic IP patch' is set in
/etc/rc.config, and that the IP's given the interfaces don't clash with your
internal network.

#
# Do you want the "dynamic IP patch" to be enabled at bootup? (yes/no)
#
IP_DYNIP="yes"

Rob


< Previous Next >