[NBLUG/talk] Networking question
Kyle Rankin
kyle at nblug.org
Mon Sep 29 09:48:01 PDT 2003
On Sun, Sep 28, 2003 at 03:27:26PM -0400, Dave Sisley wrote:
> This question is sort of directed toward Kyle, but anyone can jump in, and I
> thought that the answer might prove useful to other people as well.
>
> At the install fest, Kyle mentioned an alternative way to use my home wireless
> setup, and (like a dope) I'm afraid I forgot to write it down.
>
> The way I am currently using the connection I've set up between my laptop and
> my desktop is to ssh into the desktop, ask it to dial out and do all my
> internet related business through that machine. That works fine for 90% of my
> needs, plus it's easy enough to transfer files back and forth between the 2
> machines.
>
> Where it is inefficient is when I need to download a file for the laptop from
> the web. The way it is now, I would download it to the desktop, then scp it to
> my laptop. That's not so bad, but it feels 'wrong'. I just realized the real
> problem is when I want to 'apt-get upgrade' my laptop. I can't really do that.
>
> Kyle had mentioned a way for me to actually use the desktop for dialing out,
> but I could still be logged into the laptop and just use the desktop's ppp
> connection as if it were the laptop's.
>
> Forgive me if I misstated the scenario. I'd be happy to do some research, but
> I forgot the name of the process/concept. Can I get a hint before I google?
>
> Grateful as always,
> -dave.

Basically what you want to do is set up IP Masquerading (or possibly NAT)
on your ppp connection. Now, as I imagine, your ppp connection gets you a
dynamic IP each time. Because of this, you can't really do NAT as much as
a regular IP Masquerade.

There is a great HOWTO on the subject here:

http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/

with the primary information you would need here:

http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html

This HOWTO even includes a little script you can use at startup, however
the simple process for it (provided iptables and masquerading support is
enabled in your kernel, which it should be) is to do the following:

    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr    # this one is optional
    /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

The script they use in the HOWTO clears out and sets up other nice things,
and I recommend you try that (especially if the above doesn't work).

Once you set this up, any internet-bound traffic inside your network will
be routed by your firewall. You simply set up your internal machines to
use that firewall as the gateway.

--
Kyle Rankin
NBLUG President
The North Bay Linux Users Group
http://nblug.org
IRC: greenfly at irc.freenode.net #nblug
kyle at nblug.org
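
An added example, not part of the post above or of the HOWTO: the three commands from the post wrapped in a script that also restricts the FORWARD chain, so the desktop forwards only laptop-to-ppp0 traffic and the replies to it. It goes beyond the post in that respect; the internal interface name eth0 and the function names are assumptions, and the commands are only printed unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example; not from the original post or the HOWTO.
# ppp0 is the interface named in the post. eth0 (the laptop-facing
# interface) and all function names are assumptions.

# Accept only plain interface names, so nothing else can reach the
# iptables command line (no spaces, no ';', no leading '-').
valid_if() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the gateway setup commands, one per line.
# Filtering goes in first; forwarding is switched on last.
# Note: -F FORWARD discards any rules already in the FORWARD chain.
masq_rules() {
    lan_if=$1
    wan_if=$2
    valid_if "$lan_if" && valid_if "$wan_if" || return 1
    cat <<EOF
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -A FORWARD -i $lan_if -o $wan_if -j ACCEPT
/sbin/iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Print the commands for review; run them only when APPLY=1 (needs root).
masq_apply() {
    rules=$(masq_rules "$1" "$2") || { echo "bad interface name" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

masq_apply "${LAN_IF:-eth0}" "${WAN_IF:-ppp0}"
```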