IP forwarding

eqxro · 03-13-2005, 03:45 PM

Okay, so I've got a handfull of questions on my mind, so here goes nothing:

1. Is it possible to disallow a LAN-user to forward his/her internet connection to someone else?

2. If 1. is yes, how can it be done?

3. If 1. is yes, how can it be bypassed? So far, the only solution seems to be a transparent proxy server (squid).

4. But what about the other ports (DC++, MSN, Y!), how can thay be "forwarded" and still pass through the firewall?

5. Am I asking too much?

Linux.tar.gz · 03-14-2005, 02:17 AM

Some answers here: http://www.linuxquestions.org/questi...hreadid=280516
Not too much for this morning

.

eqxro · 03-14-2005, 02:41 AM

Thanx for the help, I read the posts and it looks like the ttl thingie might be the right way, as I think that's the way my ISP is blocking my IP forwarding. I've posted here my problem, and also here. From the last post you can see the TTL go from 127 (send) to 1 (reply) then 64 (error). I must admit I didn't google yet, so how can I increase the ttl when it gets on the router? Will this break things?

[edit]Just googled and it seems this is the case... Found something like min-ttl but no way to set it...

[/edit]

Linux.tar.gz · 03-14-2005, 06:02 AM

I don't know, but iptables can do LOTS of things. Perhaps search this way?

eqxro · 03-14-2005, 06:11 AM

I found something regarding ip tables, they say this should change the TTL:

iptables -t mangle -A PREROUTING -i eth1 -j TTL --ttl-set 64

only prob is it bombs out, saying chain/action invalid or something like that. It seems my kernel is not TTL mangle-patched.

[edit] I have the kernel patched and the ip forwarding automagically works

Thanks 4 your help Linux.tar.gz

The patch is patch-o-matic-ng, the TTL part only.[/edit]