Old 05-03-2001, 09:08 PM   #1
bfloeagle
Member
 
Registered: Jun 2000
Location: Upstate New York
Distribution: Ubuntu
Posts: 158

Rep: Reputation: 30


I have a RH 6.2 linux box that serves as a gateway to the internet for my LAN. I currently use IP MASQ'ing (via ipchains) to have my network connect to the internet and serve as a firewall but now I am running into troubles with all the new protocols out there (such as PPTP).

Without really going into the details of the above, I have a question. Does anyone know if I can set up my box to act as a router but still use ipchains as my firewall, without it doing any masq'ing? If so, how? (I am using 2.2.17-5.0, the stock out-of-the-box RH 6.2 kernel.)

Can routing be done without ip masq'ing?

Andy
 
Old 05-04-2001, 05:17 AM   #2
Wazza
Member
 
Registered: Dec 2000
Location: South Australia
Distribution: RedHat 7.2
Posts: 55

Rep: Reputation: 15
Hi.
I have an idea that IPchains can do it, but the internal comps need a valid public IP address.
 
Old 05-04-2001, 05:55 AM   #3
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
The Linux box will use RIP, routing information protocol, to do this, then forward any packets to the next hop in its FIB table. "i.e. static routes set up by you"

Ipchains must not do the MASQ option, just normal rules.
Wazza's right, you'll need a real IP.

Use NAT/MASQ, it's easier.

/Raz
 
Old 05-04-2001, 10:53 AM   #4
bfloeagle
Member
 
Registered: Jun 2000
Location: Upstate New York
Distribution: Ubuntu
Posts: 158

Original Poster
Rep: Reputation: 30
OK, then what about this...

Well, if I have to use private ip on my internal network, I am going to have to ask another question. My original problem is that I cannot get VPN from a WinME client behind my firewall to a WinNT vpn server outside my firewall working. Everywhere I go says to use the ip_masq_pptp module which I cannot find. Does anyone know if it is included with 2.2.* kernels higher than 2.2.17??? (Just so I can upgrade my kernel and not patch my current one.)

Andy
 
Old 05-04-2001, 07:15 PM   #5
KevinJ
Member
 
Registered: Feb 2001
Location: Colorado Springs, CO
Distribution: Redhat v8.0 (soon to be Fedora? or maybe I will just go back to Slackware)
Posts: 857

Rep: Reputation: 30
PPTP and Linux gateway

The best way to get this to work is to use Kernel 2.4 which comes with support for forwarding VPN connections. I tried several different ways to get it to work with the 2.2 kernel but the only way I was able to get results was compiling and using a 2.4 kernel.
 
Old 05-05-2001, 02:08 PM   #6
bfloeagle
Member
 
Registered: Jun 2000
Location: Upstate New York
Distribution: Ubuntu
Posts: 158

Original Poster
Rep: Reputation: 30
What did you use?

If you can remember, was there anything in specific that you had to compile to make your vpn connection work (besides the obvious things to get masq'ing working)? Are you using iptables or ipchains?

Andy
 
Old 05-07-2001, 08:26 AM   #7
KevinJ
Member
 
Registered: Feb 2001
Location: Colorado Springs, CO
Distribution: Redhat v8.0 (soon to be Fedora? or maybe I will just go back to Slackware)
Posts: 857

Rep: Reputation: 30
Kernel 2.4 only uses IPtables. IPchains is no longer used. Under "Networking Options", say "yes" to "Network Packet Filtering" and "IP tunneling".

I think that's all you need to Masq PPTP connections.

If you want to route without IPMasq, you will need "real" IP addresses for all the boxes you want to route out to the net.
 
Old 05-07-2001, 09:10 AM   #8
bfloeagle
Member
 
Registered: Jun 2000
Location: Upstate New York
Distribution: Ubuntu
Posts: 158

Original Poster
Rep: Reputation: 30
Got it!!!

Just installed 2.4.4 and VPN works great! Thanks for all your help guys!

Andy
 
Old 05-08-2001, 09:21 PM   #9
ak47fred
LQ Newbie
 
Registered: May 2001
Posts: 9

Rep: Reputation: 0
There is a suboption (at least in 2.4.4) to allow continued use of IPChains...
 
Old 05-09-2001, 09:02 AM   #10
bfloeagle
Member
 
Registered: Jun 2000
Location: Upstate New York
Distribution: Ubuntu
Posts: 158

Original Poster
Rep: Reputation: 30
I needed PPTP...

I was trying to use ipchains to maintain my current firewall but I found out that I needed to compile pptp into the kernel for it. Either way, I was able to get an iptables firewall with vpn support working before I was able to get the ipchains working. So I kept it...
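
The two setups discussed in this thread (plain routing with filtering, and masquerading with PPTP passed through), as an added example that is not from any poster here. The function name `gateway_rules`, the interface names and the PPTP-only egress policy are assumptions; the rules cover a single PPTP client, since several simultaneous clients to one server need the kernel's PPTP connection-tracking helper.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-interface gateway.
# Interface names and the PPTP-only egress policy are assumptions for illustration.

# gateway_rules MODE WAN_IF LAN_IF
#   routed : filter and forward only; LAN hosts need publicly routable addresses
#   masq   : identical filter rules plus source NAT on the WAN interface
gateway_rules() {
    mode=$1 wan=$2 lan=$3
    case $mode in
        routed|masq) ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    cat <<EOF
# Forwarding is a kernel switch, separate from NAT: sysctl -w net.ipv4.ip_forward=1
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# PPTP = TCP 1723 control channel + GRE (IP protocol 47) tunnel data
-A FORWARD -i $lan -o $wan -p tcp --dport 1723 -m state --state NEW -j ACCEPT
-A FORWARD -i $lan -o $wan -p 47 -j ACCEPT
COMMIT
EOF
    if [ "$mode" = masq ]; then
        cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
    fi
}

# Run as: sh gateway_rules.sh masq eth0 eth1 | iptables-restore --test
if [ $# -eq 3 ]; then gateway_rules "$@"; fi
```

The only difference between the two modes is the `*nat` table; other outbound services are added as further `-A FORWARD` lines in the same pattern.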
All times are GMT -5.