But it's not working yet, maybe somebody know why and can help me.
Because u don t have to masquerade packets out of eth0 interface.
If u have a DSL connection, masqueraded packets must be those outgoing
ppp0 interface.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Let me know your progress ... Bye!
Ezequiel Larrarte.
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
08-05-2008, 05:45 PM
Ezequiel Larrarte
simple router
Alexander wrote:
I want create my debian home router:
|"dslmodem" wan ppp0|<-->|eth0<-->(eth1,eth2 - shaping router)|<---|"lan" comp1,comp2|
I've created some configurations:
------------------------------------------------------------------------
1. /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
verify ur dsl connection is started
# ifconfig ppp0 |
# ip a s dev ppp0 | it s the same
configure a lan computer
address 192.168.1.2
netmask 255.0.0.0.0
network 10.0.0.0
broadcast 10.255.255.255
gateway 192.168.1.1
try to ping something on the internet
$ ping 209.85.195.99
(this is a google host)
....
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
08-05-2008, 07:33 PM
"A n d i k a Triwidada"
simple router
On Wed, Aug 6, 2008 at 1:59 AM, Alexander <alex.golovin@mail.ru> wrote:
> I want create my debian home router:
>
> |"dslmodem" wan ppp0|<-->|eth0<-->(eth1,eth2 - shaping router)|<---|"lan" comp1,comp2|
>
> I've created some configurations:
> ------------------------------------------------------------------------
> 1. /etc/network/interfaces
>
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The primary network interface
>
> #allow-hotplug eth0
> auto eth0
> iface eth0 inet static
> address 192.168.1.3
> netmask 255.255.255.0
> network 192.168.1.0
> broadcast 192.168.1.255
> gateway 192.168.1.1
> # dns-nameservers 192.168.1.1
>
> #allow-hotplug eth1
> auto eth1
> iface eth1 inet static
> up /sbin/wondershaper eth1 320 320
> down /sbin/wondershaper remove eth1
> address 192.168.1.4
try using different segment for eth1
like 192.168.2.x
>
> #allow-hotplug eth2
> auto eth2
> iface eth2 inet static
> up /sbin/wondershaper eth2 320 320
> down /sbin/wondershaper remove eth2
> address 192.168.1.5
and eth2 too
--
andika
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
08-05-2008, 08:25 PM
"Wojciech Ziniewicz"
simple router
2008/8/5 A n d i k a Triwidada <andika@gmail.com>:
> On Wed, Aug 6, 2008 at 1:59 AM, Alexander <alex.golovin@mail.ru> wrote:
>> I want create my debian home router:
did you turned on ip forwarding ?
--
Wojciech Ziniewicz
Unix SEX :{look;gawk;find;sed;talk;grep;touch;finger;find;f l
ex;unzip;head;tail; mount;workbone;fsck;yes;gasp;fsck;more;yes;yes;eje
ct;umount;makeclean; zip;split;done;exit:xargs!!}
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
08-05-2008, 08:59 PM
Alex Samad
simple router
On Wed, Aug 06, 2008 at 12:18:21AM +0300, Alexander wrote:
> On Tue, 2008-08-05 at 14:45 -0300, Ezequiel Larrarte wrote:
>
[snip]
> is good enough for me.
> DSL modem is working good, I have an internet connection on my eth0
> iface, but haven't nothing in my eth1 and eth2 ifaces, how to configure
> routes from eth0 to my local network via eth1,2?
> I know hot to shape traffic via eth1,2 with wondershaper, you can see
> that in my /etc/network/interfaces config.
does the router know how to route back to eth1 and eth2 ?
>
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
--
"More and more of our imports are coming from overseas."
- George W. Bush
09/26/2005
On NPR's Morning Edition
08-05-2008, 09:15 PM
Cory Oldford
simple router
I recommend using the ppp daemon to handle the pppoe setup instead of the DSL modem. Most DSL modems can be put into bridge mode so the auth can be handled by an internal device(your debian firewall). This will allow you to have more control and therefore assist in troubleshooting issues. This will also eliminate the publicly unroutable IP and subnet on your wan interface which will then be ppp0.
# apt-get install pppoeconf
# pppoeconf
In either case you should post the output of the following but only after ensuring you can get out from the firewall machine.
NOTE: feel free to replace ip info with <REMOVED> or something similar if leaking of this info is a concern just make sure its a valid IP before sending the info. Also if iptables is not your strongest skill you could use ipmasq or another wrapper script ie: firehol etc. I REALLY recommend writing your own though.
Cory Oldford
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
08-05-2008, 09:18 PM
Alexander
simple router
On Tue, 2008-08-05 at 14:45 -0300, Ezequiel Larrarte wrote:
> First, try a simple example:
> eth0 - ur interface attached to ur dsl modem
> address 10.0.0.1
> netmask 255.0.0.0.0
> network 10.0.0.0
> broadcast 10.255.255.255
>
> eth1 - ur lan interface
> address 192.168.1.1
> netmask 255.255.255.0
> network 192.168.1.0
> broadcast 192.168.1.255
>
> start ur dsl connection
> # pon dsl-provider (or whatever name u ve choosen)
>
> masquerade packets
> # iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> verify ur dsl connection is started
> # ifconfig ppp0 |
> # ip a s dev ppp0 | it s the same
>
> configure a lan computer
> address 192.168.1.2
> netmask 255.0.0.0.0
> network 10.0.0.0
> broadcast 10.255.255.255
> gateway 192.168.1.1
>
> try to ping something on the internet
> $ ping 209.85.195.99
> (this is a google host)
My DSL modem is working as router and has a ppp0 iface, I have only
ethX ifaces on my debian router, I don't want a firewall on my debian
router, just shaping for my local network. One firewall on my dsl modem
is good enough for me.
DSL modem is working good, I have an internet connection on my eth0
iface, but haven't nothing in my eth1 and eth2 ifaces, how to configure
routes from eth0 to my local network via eth1,2?
I know hot to shape traffic via eth1,2 with wondershaper, you can see
that in my /etc/network/interfaces config.
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
08-06-2008, 12:09 AM
Alexander
simple router
Thanks for everybody, who are helping me,
I've found my mistake, if I connect my local computer without switch,
it isn't work, when I connect over switch everything works fine -
shaping, routing.
But, can I use my connections to router without switch, nic in local
computer to nic in router only?
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
08-06-2008, 01:27 AM
Alexander
simple router
Ok, I'll try crossover cable for 2pc connection, and brctl bridge for
create same ip addresses in my eth1,2 devices, with wondershaper shaping
and iptables nat.
I think, it isn't difficult simple solution, because I no need
configure my firewall on router, when I have DSL modem in router mode
with firewall.
Thanks.
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
simple router
}
