{"id":189,"date":"2010-02-22T13:28:04","date_gmt":"2010-02-22T19:28:04","guid":{"rendered":"http:\/\/dmartenson.dc.multitech.prv\/developer\/?page_id=189"},"modified":"2011-11-23T14:43:31","modified_gmt":"2011-11-23T20:43:31","slug":"ppp-masq","status":"publish","type":"page","link":"https:\/\/www.multitech.net\/developer\/software\/corecdp\/applications\/ppp-masq\/","title":{"rendered":"PPP Masquerading and Firewalling"},
"content":{"rendered":"<p>To enable the MTCDP to be used as a router\/firewall, an example script is provided that adds the necessary iptables rules and enables IP forwarding.<\/p>\n<p>See <a href=\"http:\/\/git.multitech.net\/cgi-bin\/cgit.cgi\/corecdp.git\/tree\/multitech\/contrib\/ppp-masq-fw\">${OETREE}\/multitech\/contrib\/ppp-masq-fw<\/a><\/p>\n<pre class=\"brush:shell\">\r\n#!\/usr\/bin\/env bash\r\n\r\n# Flush all the tables first\r\niptables -t filter -F\r\niptables -t nat -F\r\niptables -t mangle -F\r\n\r\niptables -t filter -P INPUT DROP\r\niptables -t filter -A INPUT -i lo -j ACCEPT\r\niptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\r\n\r\n# Accept ssh from the LAN (Wired)\r\niptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT\r\n# Accept http from the LAN (Wired)\r\niptables -t filter -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT\r\n# Accept tftp from the LAN (Wired)\r\n#iptables -t filter -A INPUT -i eth0 -p udp --dport 69 -j ACCEPT\r\n\r\n# Accept ssh from the WAN (Wireless)\r\n#iptables -t filter -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT\r\n# Accept http from the WAN (Wireless)\r\n#iptables -t filter -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT\r\n\r\niptables -t filter -P FORWARD DROP\r\niptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT\r\niptables -t filter -A FORWARD -i eth0 -o ppp0 -j ACCEPT\r\n\r\niptables -t filter -P OUTPUT ACCEPT\r\n\r\niptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE\r\n\r\n# turn on packet forwarding last\r\necho 1 > \/proc\/sys\/net\/ipv4\/ip_forward\r\n<\/pre>\n","protected":false},
"excerpt":{"rendered":"<p>To enable the MTCDP to be used as a router\/firewall, an example script is provided that adds the necessary iptables rules and enables IP forwarding. See ${OETREE}\/multitech\/contrib\/ppp-masq-fw #!\/usr\/bin\/env bash # Flush all the tables first iptables -t filter -F iptables -t nat -F iptables -t mangle -F iptables -t filter -P INPUT DROP iptables -t [&hellip;]<\/p>\n","protected":false},
"author":3,"featured_media":0,"parent":324,"menu_order":5,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"class_list":["post-189","page","type-page","status-publish","hentry"],
"_links":{"self":[{"href":"https:\/\/www.multitech.net\/developer\/wp-json\/wp\/v2\/pages\/189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.multitech.net\/developer\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.multitech.net\/developer\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.multitech.net\/developer\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.multitech.net\/developer\/wp-json\/wp\/v2\/comments?post=189"}],"version-history":[{"count":18,"href":"https:\/\/www.multitech.net\/developer\/wp-json\/wp\/v2\/pages\/189\/revisions"}],"predecessor-version":[{"id":2210,"href":"https:\/\/www.multitech.net\/developer\/wp-json\/wp\/v2\/pages\/189\/revisions\/2210"}],"up":[{"embeddable":true,"href":"https:\/\/www.multitech.net\/developer\/wp-json\/wp\/v2\/pages\/324"}],"wp:attachment":[{"href":"https:\/\/www.multitech.net\/developer\/wp-json\/wp\/v2\/media?parent=189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}