LinuxQuestions.org
Old 11-25-2012, 11:17 AM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,008

Rep: Reputation: 30
masquerade - add extra private net


This is my current routing:
Code:
[root ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
172.16.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun1
172.16.0.0      172.16.0.2      255.255.255.0   UG    0      0        0 tun0
88.xxx.xxx.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         88.xxx.xxx.1    0.0.0.0         UG    0      0        0 eth0
[root ~]#
I want to add a 3rd network for use with a PPTP VPN.
What private LAN addresses can I use?
10.8.1.x?
How do I add that to the routing?

Also, I have this routing in iptables, so how do I get the pptp port to be redirected?
Code:
-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 443 -j DNAT --to-destination 88.xxx.xxx.xx9:1194
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 88.xxx.xxx.xx9
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1460
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
just add port 1723?
-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 88.xxx.xxx.xx9:1723
-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o eth0 -j MASQUERADE

Last edited by qwertyjjj; 11-25-2012 at 11:30 AM.
 
Old 11-26-2012, 02:36 PM   #2
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,008

Original Poster
Rep: Reputation: 30
anyone?
 
Old 11-28-2012, 12:59 PM   #3
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,008

Original Poster
Rep: Reputation: 30
anyone?
 
Old 11-30-2012, 05:02 AM   #4
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 773
Blog Entries: 6

Rep: Reputation: 75
No need to push/bump up; if you need to wait, it means you have to wait.
May I offer another workaround for your issue?

Install VirtualBox or any virtual machine, connect this to the VPN server, then make this become the gateway to your LAN,
so any network PC in your network that uses this gateway will become part of the VPN client users.

It's better than messing up your routing.
 
Old 12-02-2012, 05:37 AM   #5
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,008

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by routers
No need to push/bump up; if you need to wait, it means you have to wait.
May I offer another workaround for your issue?

Install VirtualBox or any virtual machine, connect this to the VPN server, then make this become the gateway to your LAN,
so any network PC in your network that uses this gateway will become part of the VPN client users.

It's better than messing up your routing.
It's a dedicated server though, so I really need to use the routing.
 
Old 12-03-2012, 09:17 AM   #6
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 773
Blog Entries: 6

Rep: Reputation: 75
Just give it a try:

-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o tun1 -j MASQUERADE

And one of my settings is like this below:

$IPT -t nat -I PREROUTING -p udp -d 202.191.200.142 --dport 1723 -j DNAT --to 192.168.68.68:1723

Maybe you can figure it out; I did an OpenVPN server under a Xen cluster VLAN.
 
Old 12-03-2012, 02:40 PM   #7
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,008

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by routers
Just give it a try:

-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o tun1 -j MASQUERADE

And one of my settings is like this below:

$IPT -t nat -I PREROUTING -p udp -d 202.191.200.142 --dport 1723 -j DNAT --to 192.168.68.68:1723

Maybe you can figure it out; I did an OpenVPN server under a Xen cluster VLAN.
I think that is there already:
-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o eth0 -j MASQUERADE

Could this be a problem?
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
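
An added example, not part of the thread or any poster's code: for the opening question about which private range can be used for a third network, this Python sketch parses the `route -n` output from post #1 and checks a candidate subnet for RFC 1918 membership and for overlap with routes already installed. The function names `parse_routes` and `check_candidate` are hypothetical; the redacted `88.xxx` rows are skipped because they cannot be parsed.

```python
import ipaddress

# Routing table exactly as posted in #1 (public addresses redacted by the poster).
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
172.16.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun1
172.16.0.0      172.16.0.2      255.255.255.0   UG    0      0        0 tun0
88.xxx.xxx.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         88.xxx.xxx.1    0.0.0.0         UG    0      0        0 eth0
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_routes(text):
    """Return [(network, iface)] from `route -n` rows.

    Banner/header rows, redacted addresses and the default route are skipped.
    """
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # banner line or malformed row
        dest, mask, iface = fields[0], fields[2], fields[7]
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # column header or redacted address such as 88.xxx.xxx.0
        if net.prefixlen == 0:
            continue  # the default route overlaps everything by design
        routes.append((net, iface))
    return routes

def check_candidate(cidr, routes):
    """Return (is_rfc1918, overlapping_routes) for a proposed subnet."""
    cand = ipaddress.ip_network(cidr)
    private = any(cand.subnet_of(block) for block in RFC1918)
    clashes = [(net, iface) for net, iface in routes if cand.overlaps(net)]
    return private, clashes

if __name__ == "__main__":
    existing = parse_routes(ROUTE_N)
    for candidate in ("10.8.1.0/24", "10.8.0.0/23"):
        print(candidate, check_candidate(candidate, existing))
```
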
 
  

