fzxdude n00b
Joined: 13 Jun 2004 Posts: 72
Posted: Tue Jan 04, 2005 8:00 pm Post subject: an easy iptables router type question
First my layout:
laptop (192.168.2.2)
^
internet
V
router (192.168.0.1)
^
|--Lan (192.168.0.0/24)
V
pppserver (192.168.0.2, 192.168.2.1)
OK, so if that's a mess: basically my laptop connects through the router to the pppserver via ssh.
It receives the address and gives one to the pppserver (the 192.168.2.'s).
I want to be able to forward packets to and from ppp to and from the LAN.
I set up static routing on the router to forward 192.168.2 stuff to 192.168.0.2 since that's on the subnet.
I haven't played much with iptables NAT stuff, so I am wondering if someone can give me a hand with it.
fzxdude n00b
Joined: 13 Jun 2004 Posts: 72
Posted: Wed Jan 05, 2005 12:28 pm Post subject:
OK ... so I now have boxes on the LAN talking to the laptop while I'm at work by telling the router to route all 192.168.2.* traffic to 192.168.0.2 (ppp server) ... I then masquerade the ppp0 device on the ppp server to forward all the packets across.
I imagine I'll have to do similar on the laptop side ... to forward all 192.168.0.* traffic through ppp0 on that side.
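
The setup described in the post above (router sends 192.168.2.* to the pppserver, which masquerades on ppp0), as an added example that is not part of the original thread: it prints a ruleset for the pppserver that forwards only LAN<->PPP traffic, and audits any `iptables-save` dump for unscoped forwarding or masquerade rules. The subnets and ppp0 come from the posts; `LAN_IF=eth0` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Subnets and ppp0 come from the posts;
# LAN_IF=eth0 is an assumption about the pppserver's LAN interface.
LAN_NET=192.168.0.0/24
PPP_NET=192.168.2.0/24
LAN_IF=eth0
PPP_IF=ppp0

# Print an iptables-restore ruleset: forwarding is default-drop, only
# LAN<->PPP traffic is accepted, and LAN traffic leaving ppp0 is masqueraded.
gen_rules() {
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s $LAN_NET -d $PPP_NET -i $LAN_IF -o $PPP_IF -j ACCEPT
-A FORWARD -s $PPP_NET -d $LAN_NET -i $PPP_IF -o $LAN_IF -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $PPP_IF -j MASQUERADE
COMMIT
EOF
}

# Read an iptables-save style dump on stdin and report rules that would
# forward or masquerade more than intended. Exit status 1 if any are found.
audit_rules() {
    awk '
    /^:FORWARD ACCEPT/ { print "FORWARD policy is ACCEPT"; bad++ }
    /^-A FORWARD/ && /-j ACCEPT/ && !/--(ct)?state/ && !(/ -s / && / -d /) {
        print "unscoped FORWARD rule: " $0; bad++ }
    /-j MASQUERADE/ && !(/ -s / && / -o /) {
        print "unscoped MASQUERADE rule: " $0; bad++ }
    END { exit (bad > 0) }'
}

# Self-check when run directly: the generated ruleset must pass the audit.
gen_rules | audit_rules && echo "generated ruleset passes the audit"
```

Review the output before loading it on the pppserver with `iptables-restore --noflush`; forwarding also needs `net.ipv4.ip_forward=1`.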
fzxdude n00b
Joined: 13 Jun 2004 Posts: 72
Posted: Wed Jan 05, 2005 12:30 pm Post subject:
Oh and if you are wondering I'm using this lovely script to do ppp over ssh so the pesky firewall here at work won't get in the way =)
Code:
#!/bin/sh
# /usr/local/bin/vpn-pppssh
#
# This script initiates a ppp-ssh vpn connection.
# see the VPN PPP-SSH HOWTO on http://www.linuxdoc.org for more information.
#
# revision history:
# 1.6 11-Nov-1996 miquels@cistron.nl
# 1.7 20-Dec-1999 bart@jukie.net
# 2.0 16-May-2001 bronson@trestle.com
#
# You will need to change these variables...
#
# The host name or IP address of the SSH server that we are
# sending the connection request to:
SERVER_HOSTNAME=eldivino.domain.com
# The username on the VPN server that will run the tunnel.
# For security reasons, this should NOT be root. (Any user
# that can use PPP can initiate the connection on the client)
SERVER_USERNAME=vpn
# The VPN network interface on the server should use this address:
SERVER_IFIPADDR=192.168.3.2
# ...and on the client, this address:
CLIENT_IFIPADDR=192.168.3.1
# This tells ssh to use unprivileged high ports, even though it's
# running as root. This way, you don't have to punch custom holes
# through your firewall.
LOCAL_SSH_OPTS="-P"
#
# The rest of this file should not need to be changed.
#
# No trailing colon here: an empty PATH entry means the current directory,
# which a script run as root should never search.
PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11
#
# required commands...
#
PPPD=/usr/sbin/pppd
SSH=/usr/bin/ssh
if ! test -f "$PPPD" ; then echo "can't find $PPPD"; exit 3; fi
if ! test -f "$SSH" ; then echo "can't find $SSH"; exit 4; fi
case "$1" in
start)
    # echo -n "Starting vpn to $SERVER_HOSTNAME: "
    # The pty argument must be a single line: pppd hands it to a shell, and
    # the local:remote address pair belongs to the same pppd command.
    ${PPPD} updetach noauth passive \
        pty "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -l${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth" \
        ipparam vpn ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR}
    # echo "connected."
    ;;
stop)
    # echo -n "Stopping vpn to $SERVER_HOSTNAME: "
    # Find the ssh process carrying the tunnel, skipping the pppd wrapper
    # (its command line contains ' passive ') and the grep itself.
    PID=$(ps ax |
        grep "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -l${SERVER_USERNAME} -o" |
        grep -v ' passive ' | grep -v 'grep ' | awk '{print $1}')
    if [ "${PID}" != "" ]; then
        kill $PID
        echo "disconnected."
    else
        echo "Failed to find PID for the connection"
    fi
    ;;
config)
    echo "SERVER_HOSTNAME=$SERVER_HOSTNAME"
    echo "SERVER_USERNAME=$SERVER_USERNAME"
    echo "SERVER_IFIPADDR=$SERVER_IFIPADDR"
    echo "CLIENT_IFIPADDR=$CLIENT_IFIPADDR"
    ;;
*)
    echo "Usage: vpn {start|stop|config}"
    exit 1
    ;;
esac
exit 0