This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
* '''eth0''' is plugged directly into your modem or ONT
* '''eth1''' will be used for your LAN
= Enabling IP forwarding =
To tell our Linux router to actually forward traffic, you must first enable IP forwarding in '''/etc/sysctl.conf'''.
Look for this section in '''/etc/sysctl.conf''':
 # Uncomment the next line to enable packet forwarding for IPv4
 #net.ipv4.ip_forward=1
 # Uncomment the next line to enable packet forwarding for IPv6
 # Enabling this option disables Stateless Address Autoconfiguration
 # based on Router Advertisements for this host
 #net.ipv6.conf.all.forwarding=1
Uncomment the two lines starting with "net":
 # Uncomment the next line to enable packet forwarding for IPv4
 net.ipv4.ip_forward=1
 # Uncomment the next line to enable packet forwarding for IPv6
 # Enabling this option disables Stateless Address Autoconfiguration
 # based on Router Advertisements for this host
 net.ipv6.conf.all.forwarding=1
Now run:
 sysctl -p
This will reload '''/etc/sysctl.conf''' - applying our changes.
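The check below is an added example, not part of the original page: it confirms that both keys are uncommented in the file and that the running kernel agrees, which catches a file that was edited but never reloaded. The function names and the optional second argument (an alternative root for the sysctl tree, default /proc/sys) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that both forwarding
# keys are uncommented in a sysctl.conf-style file AND active in the kernel.

# Print the effective value of key $2 in file $1 (last uncommented assignment wins).
sysctl_file_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }               # comment lines, as in the stock file
        {
            line = $0
            gsub(/[ \t]/, "", line)          # tolerate "key = value"
            n = index(line, "=")
            if (n && substr(line, 1, n - 1) == key) val = substr(line, n + 1)
        }
        END { if (val != "") print val }
    ' "$1"
}

# Print the running value of key $1; $2 is the sysctl tree root (default /proc/sys).
sysctl_runtime_value() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; fi
}

# check_forwarding FILE [ROOT]: return 0 only if both keys are 1 in both places.
check_forwarding() {
    rc=0
    for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        conf=$(sysctl_file_value "$1" "$key")
        live=$(sysctl_runtime_value "$key" "$2")
        if [ "$conf" = 1 ] && [ "$live" = 1 ]; then
            echo "ok       $key"
        else
            echo "PROBLEM  $key  file='${conf:-unset}' running='${live:-unknown}'"
            rc=1
        fi
    done
    return "$rc"
}

# Run against a file only when one is given, e.g.: sh check.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then check_forwarding "$@"; fi
```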
= Setting up pppd =
 apt-get update
 apt-get install
pppd uses several different configuration files:
 iptables -A INPUT -p icmp -m comment --comment "Accept all ICMP" -j ACCEPT
 iptables -A INPUT -i eth1 -m comment --comment "Accept all from the LAN" -j ACCEPT
 iptables -A INPUT -i pppoe-aaisp -m state --state RELATED,ESTABLISHED -m comment --comment "Allow return traffic" -j ACCEPT
 iptables -A INPUT -m comment --comment "Reject all remaining traffic" -j REJECT
 iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o pppoe-aaisp -m comment --comment "Clamp MSS for traffic going via PPP" -j TCPMSS --clamp-mss-to-pmtu
 iptables -A FORWARD -i eth1 -o pppoe-aaisp -m comment --comment "Allow traffic from LAN -> internet" -j ACCEPT
 iptables -A FORWARD -i pppoe-aaisp -o eth1 -m state --state RELATED,ESTABLISHED -m comment --comment "Allow return traffic from internet -> LAN" -j ACCEPT
 iptables -A FORWARD -m comment --comment "Reject all remaining traffic" -j REJECT