[PLUG] net access to pipe (was Squid & ...)

Bruce Kingsland brucek at kingkon.com
Wed Nov 6 02:29:30 UTC 2002


This may look familiar from a thread last month, but there are
changes:

network looks like this:

  |----defiant---modem   <--- used to get email on laptop when off-net
  |
  |----auger             <--- dev workstation
  |
  |----dax---modem       <--- used for GUI access, desire _all_ access
  |
 hub(10/100 switch --- all devices have 10/100 NICs)

dax has squid running, and ppp configured for demand and persist.
defiant can cause dax to dial, and can see the world thru dax. auger
can cause dax to dial, and can see the world thru konqueror only. dax
can see the world just fine thru its modem. defiant can dial thru its
own modem, and see the world just fine; but this access is now only
used when I'm not connected to the local net. defiant has no GUI. I haven't
figgered out how to get lynx to do proxy, but seems to work just fine.
auger sees thru konqueror because the browser understands proxy. port
forwarding is enabled on all systems (/proc/.../ip_forward == 1).

iptables on defiant (using iptables -t nat -nL):

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

iptables on auger:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

iptables on dax:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0          

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

After I got this all working last month, dax locked up for some
unknown reason. I had to reboot it, and restart squid, etc. Running
thru the thread from last time, I created this script, which got
everything happy again:
_______________________
#! /bin/bash

# This shuts down the default ipchains, and sets up the correct iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

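# Unload dependents first; ip_tables goes last because the others use it
rmmod ipchains ip_nat_irc ip_nat_ftp iptable_nat iptable_filter ip_tables

# -a makes modprobe treat every argument as a module name
modprobe -a ip_tables iptable_filter iptable_nat ip_nat_irc ip_nat_ftp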

iptables -F -t filter
iptables -F -t nat
iptables -P FORWARD ACCEPT -t filter
iptables -P INPUT ACCEPT -t filter
iptables -P OUTPUT ACCEPT -t filter
iptables -P POSTROUTING ACCEPT -t nat
iptables -P PREROUTING ACCEPT -t nat
iptables -P OUTPUT ACCEPT -t nat

iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE

iptables -t nat -nL

echo run pppDial now
_______________________

Then, I needed to scan a doc, and discovered that the device wasn't on
when I booted auger; and to get the scsi device visible, I had to
reboot auger (AARRGGHH!).

So, I did. Now I can't get auger to work outside the browser. Defiant
works just fine, and everything I did for defiant as a result of last
month's thread, I duplicated on Auger, and it was working fine until I
rebooted. I'm almost afraid to reboot Defiant right now.... And I was
considering doing just that for a completely different task last week.

So, what am I missing?

TIA,
-bk
-- 
Bruce Kingsland
Kingsland Konsulting
brucek at kingkon.com
360-531-3730
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
D/2B8DA3D7 g/2884A18E  49C3 BBDE 6BC5 3F39 0C03  3BE4 FBC5 2C8D 2B8D A3D7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
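
Added example, not part of the original post: the dax script above leaves every filter chain at ACCEPT and masquerades anything leaving ppp+, so nothing in the firewall keeps the modem side away from squid or the forwarding path. The sketch below narrows that to LAN-originated traffic and its replies, and prints the commands unless DRY_RUN=0. LAN_IF (eth0) and LAN_NET (192.168.1.0/24) are assumptions; the post does not give either.

```shell
#!/bin/bash
# Added example: restricted rules for the gateway ("dax" in the post).
# LAN_IF and LAN_NET are assumptions; the post does not state them.
LAN_IF=${LAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.1.0/24}
WAN_IF='ppp+'            # same interface wildcard the original script uses
DRY_RUN=${DRY_RUN:-1}    # 1 = print the commands, 0 = run them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

gateway_rules() {
    # Fail closed: drop inbound and forwarded packets unless allowed below.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -F INPUT
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING

    # Local services (squid included) answer loopback and the LAN only.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # From the modem link, accept only replies to connections dax opened.
    run iptables -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # LAN hosts may open connections out through the modem link.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # Only replies to those connections may be forwarded back in.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Masquerade LAN sources only, and only on the ppp link.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# defiant and auger are clients of dax and do not need to route packets.
client_rules() {
    run sysctl -w net.ipv4.ip_forward=0
}

gateway_rules
```

OUTPUT stays at ACCEPT, so squid and demand dialing on dax keep working; `iptables -nvL` (with -v) shows the interface match that plain -nL omits.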