ppp0 routing setup

nicovj · 06-16-2007, 06:37 AM

HI

I connect to the internet with ppp0 and bluetooth with my mobile phone -no problem here.

Have 2 computers:
1. Linux SUSE 10.1 connected to the internet with ppp0
2. Windows XP want to connect to the internet via Linux (1)

DHCP server is up and the XP computer (2) receives an IP add on the network from mybox. Can ping both computers.

I can not acess the internet on the network from XP

It seems to me that the traffic from the internet is not forwarded to the network. How do I tell LINUX to route the traffic from ppp0 to eth0

As you can see I am very new to LINUX if you do have an answer for me wiil you please give the procedures in steps in plain English.

Kind regards

Nico

Simon Bridge · 06-17-2007, 03:45 AM

You have to enable ip forwarding in the kernel then add a line to your iptables script. (This is the easiest way... you could also make a bridge.)

Now you have some search terms to google

nicovj · 06-17-2007, 06:44 AM

Hi Simon

Thank you for your prompt reply.

I did follow the following procedures exactly
http://www.novell.com/coolsolutions/feature/16579.html

but my problem I think is with the iptables script. The above URL link is how to route from ethernet to ethernet thus eth0 eth1 and not ppp0 to eth0.

If possible have a look at the above link and help me out here.

Kind regards

Nico

rossonieri#1 · 06-17-2007, 08:11 AM

hi nicovj,

you can route it manually :

route add default dev ppp0 --

ip forwarding :
echo 1 > /proc/sys/net/ipv4/ip_forward (mine on centos)

or you can take a look at that in /etc/sysctl|grep ip_forward.

and make sure your NAT-MASQUERADE do its job.

for the DHCPD in your linux router - make sure its up after your ppp0 is up and listen on the internal interface or else you'll get prompt other DHCP server is running - and your DHCP client doesnt get any IP.

HTH.

Simon Bridge · 06-17-2007, 11:23 AM

It works for routing ppp and eth: this is how I used to share my dialup connection.

As rossonieri#1 says, you gotta make sure you have enabled ip forwarding. Something like the following needs to be in your firewall script:

Code:

# enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# always use default drop policy
iptables -P FORWARD DROP

iptables -F FORWARD 
iptables -t nat -F

# FWD: Allow all connections OUT and only existing and related ones IN
iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

# Enabling SNAT (MASQUERADE) functionality on ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

... the rest is up to the windows configuration.

nicovj · 06-18-2007, 03:53 AM

Simon

Where do I put this CODE? (Clueless)
Where do I get the firewall script file?

Nico

Simon Bridge · 06-19-2007, 08:52 AM

Hmmm... are you not running a firewall then?

Create a text file, call it "firewall.sh" (say), make it executable, and put it someplace out of the way. (I put it in ~/custom/settings, but lots of people like /usr/bin/ or /etc)

Execute the script... et voila!

You will want a more comprehensive firewall than that... use the search function and look up "mdh firewall".

nicovj · 06-22-2007, 04:54 PM

I had it with Linux it is like working for the KGB.

Thank goodness for Bill GATES

One request is that if you do not know how to explain what must be done do not even answer thank you

Nico

Simon Bridge · 06-23-2007, 04:25 AM

Sorry Nico, I have given specific instructions ... step by step. Where is it that you are confused?

Quote:

if you do not know how to explain what must be done do not even answer thank you

My last posts concerned instructions on how to set up your iptables (firewall) script. You have already indicated that you know something about this in post #3. It seems you should be able to understand and follow those instructions. If you do not understand, it is because I have judged you more capable than you are... from a hacker, this is a compliment. And I still think you are capable of figuring it out.

Communication goes two ways. In order for me to explain things to you effectively I need to know you quite well... do I know you Nico?

We are using English, in a text-only media, where there may be cultural as well as conceptual barriers. Yet I don't even know where you are posting from... it could be anywhere and you expect me to know how to explain things to you?!

I am not getting paid for this. Your attitude would be understandable if you were paying me, but you are not. You gotta ask yourself: why should I help you at all? Have you given me a reason to care whether you get your machine connected or not?

Yet here I am telling you off... why? I don't have to do this.

Quote:

it is like working for the KGB.

In what way? Be specific! (Since this is an international forum, it may well have worked for the formerКомитет Обеспеченностью Положения (KGB) and may even work for one of its successors, the Служба Внешней Разведки (SVR) and the Федера́льная слу́жба безопа́сности (FSB).)

Windows is designed for people who don't want to be bothered with the technical details. You pay for this, in many ways, but if this is you: хорошее везение и счастливый рубить!