Re: [SLUG] NAT

From: Derek Glidden (dglidden@illusionary.com)
Date: Thu Jan 10 2002 - 13:28:40 EST


On Wed, 2002-01-09 at 23:48, Russell Hires wrote:
> (Derrick, what I'm trying to do is this: I've got a couple of machines. One
> is my PowerMac running debian-woody. It's got two ethernet cards, eth0 and
> eth1. eth1 is connected to an ethernet hub, and eth0 is connected to my dsl
> modem, but I think my traffic goes through ppp0, because of the pppoe that I
> have to use. My other machines are of the intel variety, also running linux.
> I want to be able to apt-get upgrade my intel machines to the latest
> debian-woody stuff. But unless they can get on the net, I'll have a hard
> time... :-)

Ah so. Basic NAT/MASQ firewall then. It shouldn't matter what your
internal and external interfaces are. At the expo last Spring we had
all the stuff on the floor masquerading over a 56K dialup through our
firewall over the ppp0 device and it worked fine.

Make sure your eth1 has an address - assuming your machines are on, say,
192.168.1.0/24, then we would normally put your "router/firewall" at
192.168.1.254. Make sure your other boxes use that address as the
default route. (In Debian, it's the "gateway" line in
/etc/network/interfaces)

On the firewall, make sure it's connected via ppp0 to your ISP, and eth1
has an appropriate address on your internal network. Play with the
attached script. Hopefully it's self-evident how to modify it for your
own environment.

The script does several things:

- Sets up your NAT rules so all internal traffic is NAT'd to your
  external, dynamic address (i.e. "MASQUERADE").
- Sets up your FORWARD rules so that statefulness is enabled and allows
  existing sessions to continue back across the firewall from the
  outside, and only allows new sessions to be initiated from the
  internal network outbound.
- Sets up your INPUT rules so that only traffic from the internal
  network and SSH traffic from the external network is allowed to
  connect directly to your firewall.
- DROPs everything else in or across the firewall.

It will log certain informative messages to (in Debian)
/var/log/messages so as "root" on your firewall, you can "tail -f
/var/log/messages" and see what packets are being allowed and what are
being dropped and what isn't even getting to the firewall, and work out
what your problems might be from there.

If you have more questions, ask!

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \
       | extract_mpeg2 | mpeg2dec -

http://www.cs.cmu.edu/~dst/DeCSS/Gallery/ http://www.eff.org/ http://www.anti-dmca.org/
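The script Derek refers to is not in the archive. As an added example (not Derek's attached script and not Russell's configuration), here is a ruleset that does the four things the message lists for the layout Russell describes: ppp0 to the ISP with a dynamic address, eth1 on the hub, inside hosts on 192.168.1.0/24 with the firewall at 192.168.1.254. The interface names, the /24, SSH on port 22 and the log prefixes are assumptions; the rules are emitted in iptables-restore format so they can be read over before they are loaded.

```shell
#!/bin/sh
# Added example: a basic NAT/MASQ firewall in the shape described in the
# message above. Not the script that was attached to the original post.
# Assumed layout (override with environment variables):
#   ppp0 = PPPoE session to the ISP (dynamic address)
#   eth1 = hub side, 192.168.1.0/24, firewall is 192.168.1.254

EXT_IF=${EXT_IF:-ppp0}
INT_IF=${INT_IF:-eth1}
INT_NET=${INT_NET:-192.168.1.0/24}
SSH_PORT=${SSH_PORT:-22}

# Print the whole ruleset in iptables-restore format. Building it as text
# means it can be reviewed with "fw.sh | less" before anything is loaded,
# and iptables-restore swaps the tables in atomically instead of leaving
# the box half-configured if one command in a long script fails.
# "-m state" is the 2002-era module; on current kernels it is an alias
# for "-m conntrack --ctstate" and still loads.
fw_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# 1. NAT: rewrite inside sources to whatever address ppp0 has right now.
#    MASQUERADE rather than SNAT because the address changes on reconnect.
-A POSTROUTING -o $EXT_IF -s $INT_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets arriving from the ISP side that claim an inside source address
# are spoofed; log and drop them before any accept rule can match.
-A INPUT -i $EXT_IF -s $INT_NET -j LOG --log-prefix "FW spoof: "
-A INPUT -i $EXT_IF -s $INT_NET -j DROP
-A FORWARD -i $EXT_IF -s $INT_NET -j LOG --log-prefix "FW spoof: "
-A FORWARD -i $EXT_IF -s $INT_NET -j DROP
# 3. INPUT: only the inside network, plus SSH from outside, may talk to
#    the firewall itself. Replies to the firewall's own connections and
#    loopback are allowed as well, or apt-get on the firewall breaks.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -s $INT_NET -j ACCEPT
-A INPUT -i $EXT_IF -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT
# PPPoE leaves ppp0 with a 1492-byte MTU. Clamping the MSS on forwarded
# SYNs stops inside hosts stalling on sites that drop ICMP "frag needed".
# TCPMSS is non-terminating, so it goes before the ACCEPT rules.
-A FORWARD -o $EXT_IF -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# 2. FORWARD: stateful. Existing sessions flow both ways; new sessions
#    are only accepted when they come from the inside heading out.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -m state --state NEW -j ACCEPT
# 4. Everything else falls through to the DROP policy. Log it first
#    (rate limited, so a scan cannot fill /var/log/messages) so that
#    "tail -f /var/log/messages" shows what is being dropped.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW INPUT drop: "
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW FORWARD drop: "
COMMIT
EOF
}

# Load the rules. Forwarding is off by default on Debian, so turn it on
# here rather than relying on a separate sysctl edit.
fw_apply() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    fw_rules | iptables-restore
}

# "fw.sh apply" loads the rules (as root); anything else just prints them.
case "${1:-}" in
    apply) fw_apply ;;
    *)     fw_rules ;;
esac
```

Run it once with no arguments and read the output before running `./fw.sh apply` as root; if you lock yourself out over SSH, the rules are gone after a reboot because nothing here saves them, which is deliberate for a first attempt. Rule order matters: the anti-spoof and MSS-clamp lines sit above the ACCEPT lines because ACCEPT ends evaluation for that packet.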

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:37:12 EDT