-> firewall# ifconfig
-> ppp0 Link encap:Point-to-Point Protocol
-> inet addr:123.234.123.1 P-t-P:123.234.120.1 Mask:255.255.255.255
-> UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
-> ...
->
-> eth0 Link encap:Ethernet HWaddr 00:20:13:14:15:16
-> inet addr:10.20.30.1 Bcast:10.20.30.255 Mask:255.255.255.0
-> UP BROADCAST RUNNING MTU:1500 Metric:1
-> ...
->
-> lo Link encap:Local Loopback
-> inet addr:127.0.0.1 Mask:255.0.0.0
-> UP LOOPBACK RUNNING MTU:3856 Metric:1
-> ...
->
-> firewall# route
-> Kernel IP routing table
-> Destination Gateway Genmask Flags Metric Ref Use Iface
-> 10.20.30.0 * 255.255.255.0 U 0 0 0 eth0
-> default 123.234.120.1 0.0.0.0 UG 0 0 0 ppp0
->
-> firewall# iptables -L -v
-> Chain INPUT (policy ACCEPT 1234 packets, 123K bytes)
-> pkts bytes target prot opt in out source destination
->
-> Chain FORWARD (policy DROP 1234 packets, 123K bytes)
-> pkts bytes target prot opt in out source destination
-> 1234 123K ACCEPT any -- ppp0 eth0 anywhere 10.20.30.0/24
-> 1234 123K ACCEPT any -- eth0 ppp0 10.20.30.0/24 anywhere
->
-> Chain OUTPUT (policy ACCEPT 2161K packets, 364M bytes)
-> pkts bytes target prot opt in out source destination
->
-> firewall# iptables -L -v -t nat
-> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
-> pkts bytes target prot opt in out source destination
-> 1234 123K DNAT tcp -- ppp0 any anywhere anywhere tcp dpt:655 to:10.20.30.42:655
-> 1234 123K DNAT udp -- ppp0 any anywhere anywhere udp dpt:655 to:10.20.30.42:655
->
-> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
-> pkts bytes target prot opt in out source destination
-> 1234 123K MASQUERADE all -- eth0 ppp0 anywhere anywhere
->
-> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
-> pkts bytes target prot opt in out source destination
->
-> firewall# cat /etc/init.d/firewall
-> #!/bin/sh
->
-> echo 1 >/proc/sys/net/ipv4/ip_forward
->
-> iptables -P FORWARD DROP
-> iptables -F FORWARD
-> iptables -A FORWARD -j ACCEPT -i ppp0 -o eth0 -d 10.20.30.0/24
-> iptables -A FORWARD -j ACCEPT -i eth0 -o ppp0 -s 10.20.30.0/24
->
-> iptables -t nat -F POSTROUTING
-> # Next rule prevents masquerading from altering source port of outbound tinc packets
-> iptables -t nat -A POSTROUTING -p udp -m udp -sport 655 -j MASQUERADE -o ppp0 --to-ports 655
-> iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0
->
-> iptables -t nat -F PREROUTING
-> # Next two rules forward incoming tinc packets to the host behind the firewall running tinc
-> iptables -t nat -A PREROUTING -j DNAT -i ppp0 -p tcp --dport 655 --to 10.20.30.42:655
-> iptables -t nat -A PREROUTING -j DNAT -i ppp0 -p udp --dport 655 --to 10.20.30.42:655
+ firewall# ifconfig
+ ppp0 Link encap:Point-to-Point Protocol
+ inet addr:123.234.123.1 P-t-P:123.234.120.1 Mask:255.255.255.255
+ UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
+ ...
+
+ eth0 Link encap:Ethernet HWaddr 00:20:13:14:15:16
+ inet addr:10.20.30.1 Bcast:10.20.30.255 Mask:255.255.255.0
+ UP BROADCAST RUNNING MTU:1500 Metric:1
+ ...
+
+ lo Link encap:Local Loopback
+ inet addr:127.0.0.1 Mask:255.0.0.0
+ UP LOOPBACK RUNNING MTU:3856 Metric:1
+ ...
+
+ firewall# route
+ Kernel IP routing table
+ Destination Gateway Genmask Flags Metric Ref Use Iface
+ 10.20.30.0 * 255.255.255.0 U 0 0 0 eth0
+ default 123.234.120.1 0.0.0.0 UG 0 0 0 ppp0
+
+ firewall# iptables -L -v
+ Chain INPUT (policy ACCEPT 1234 packets, 123K bytes)
+ pkts bytes target prot opt in out source destination
+
+ Chain FORWARD (policy DROP 1234 packets, 123K bytes)
+ pkts bytes target prot opt in out source destination
+ 1234 123K ACCEPT any -- ppp0 eth0 anywhere 10.20.30.0/24
+ 1234 123K ACCEPT any -- eth0 ppp0 10.20.30.0/24 anywhere
+
+ Chain OUTPUT (policy ACCEPT 2161K packets, 364M bytes)
+ pkts bytes target prot opt in out source destination
+
+ firewall# iptables -L -v -t nat
+ Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
+ pkts bytes target prot opt in out source destination
+ 1234 123K DNAT tcp -- ppp0 any anywhere anywhere tcp dpt:655 to:10.20.30.42:655
+ 1234 123K DNAT udp -- ppp0 any anywhere anywhere udp dpt:655 to:10.20.30.42:655
+
+ Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
+ pkts bytes target prot opt in out source destination
+ 1234 123K MASQUERADE all -- eth0 ppp0 anywhere anywhere
+
+ Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
+ pkts bytes target prot opt in out source destination
+
+ firewall# cat /etc/init.d/firewall
+ #!/bin/sh
+
+ echo 1 >/proc/sys/net/ipv4/ip_forward
+
+ iptables -P FORWARD DROP
+ iptables -F FORWARD
+ iptables -A FORWARD -j ACCEPT -i ppp0 -o eth0 -d 10.20.30.0/24
+ iptables -A FORWARD -j ACCEPT -i eth0 -o ppp0 -s 10.20.30.0/24
+
+ iptables -t nat -F POSTROUTING
+ # Next rule prevents masquerading from altering source port of outbound tinc packets
+ iptables -t nat -A POSTROUTING -p udp -m udp --sport 655 -j MASQUERADE -o ppp0 --to-ports 655
+ iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0
+
+ iptables -t nat -F PREROUTING
+ # Next two rules forward incoming tinc packets to the host behind the firewall running tinc
+ iptables -t nat -A PREROUTING -j DNAT -i ppp0 -p tcp --dport 655 --to 10.20.30.42:655
+ iptables -t nat -A PREROUTING -j DNAT -i ppp0 -p udp --dport 655 --to 10.20.30.42:655
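Review bot: The first FORWARD rule in the new /etc/init.d/firewall (`-i ppp0 -o eth0 -d 10.20.30.0/24`) accepts every packet that arrives on ppp0 for the LAN, not only the tinc traffic the DNAT rules redirect or replies to connections opened from inside. Consider replacing it with `iptables -A FORWARD -i ppp0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` plus `iptables -A FORWARD -i ppp0 -o eth0 -d 10.20.30.42 -p tcp --dport 655 -j ACCEPT` and the same rule with `-p udp`. The script also never touches the INPUT chain, which the listing shows at policy ACCEPT with no rules, so the firewall host itself is unfiltered; a comment saying this is deliberately out of scope for the example would help. The `iptables -L -v -t nat` sample output looks stale: it does not show the `--sport 655` MASQUERADE rule and lists `eth0` as the in-interface of the MASQUERADE rule, neither of which matches the script.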