multiple concurrent connections with masquerading

Stephen Davies (scldad@sdc.com.au)
Wed, 01 Sep 1999 16:28:02 +0930


Hello.

I am working with a 2.0.36 system with diald V0.98.2 and ipfwadm V2.3.0.

The system has internal private net plus dialout connections to two ISPs. The
first of these is held up from 0800 to 1800 by diald and has a static IP
address assigned by the ISP.

The second connection is demand-dialled and gets a dynamically assigned IP on
connection. The system being accessed by this link is on a third network for
which the routing is managed by ISP2.

The first connection is set to be the default route and is used for all general
Internet access by both the Linux box and all of the W95 boxes on the private
lan. This connection works perfectly:-))) All routing, masquerading behaves
as expected - but there may be a firewall problem. Read on.

My problem is with the second connection. Users on the private lan wish to
telnet to a specific host at IP 1.2.3.4. This address is set in the diald.conf2
file as the remote IP. When diald dials out, it is connected to ISP2 which
assigns a local IP of 2.3.4.5 and a remote IP of 3.4.5.6. (all of these
addresses are "real", that is, not private addresses)

The diald addroute is used to add a routing entry for 1.2.3.4 via 3.4.5.6.
This works.

If the connection to 1.2.3.4 is initiated by the Linux host, all is good. It
is getting a connection attempt from one of the W95 PCs to work that is
beating me at the moment.

Initially, the firewall set up by the first connection was preventing telnet
traffic from the private addresses from reaching the sl1 interface so I added
an ipfwadm rule to accept all forwarding to sl1
(-F -i accept -S 192.168.1.0/24 -D 0.0.0.0/0). This got me to the point where diald would see the telnet
packets and dial the number. The route is set up correctly and I can telnet to
1.2.3.4 from Linux but still cannot complete the connection from a PC.

Obviously I need extra rules for the ppp1 interface but just what, how and
when they should be added and deleted is defeating me just now.

TIA,
Stephen Davies

-- 
========================================================================
Stephen Davies Consulting	    		      scldad@sdc.com.au
Adelaide, South Australia.     		      Voice: 08-8177 1595
Computing & Network solutions.	 	      Fax: 08-8177 0133
