* [gentoo-user] loopback into gentoo iptables @ 2007-10-05 15:42 Walter Willis 2007-10-05 16:00 ` Hans-Werner Hilse 0 siblings, 1 reply; 5+ messages in thread From: Walter Willis @ 2007-10-05 15:42 UTC (permalink / raw To: gentoo-user [-- Attachment #1: Type: text/plain, Size: 194 bytes --] I have modem asdl zyxel 660 and activate loopback with command: "ip nat loopback on" the ask is: it is into gentoo linux with iptables ? the compiler module especial for function? Thanks !!! [-- Attachment #2: Type: text/html, Size: 231 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] loopback into gentoo iptables 2007-10-05 15:42 [gentoo-user] loopback into gentoo iptables Walter Willis @ 2007-10-05 16:00 ` Hans-Werner Hilse 2007-10-05 22:23 ` Dan Farrell 2007-10-14 22:08 ` Mick 0 siblings, 2 replies; 5+ messages in thread From: Hans-Werner Hilse @ 2007-10-05 16:00 UTC (permalink / raw To: gentoo-user Hi, On Fri, 5 Oct 2007 10:42:42 -0500 "Walter Willis" <walterwn@gmail.com> wrote: > I have modem asdl zyxel 660 and activate loopback with command: "ip nat > loopback on" Where do you enter that and why? What is the thing _you_ call a loopback? On what device or machine does it exist? You don't seem to be talking about the "ifup" tool (since you talk about "ip", which however does not know the "nat" mode?!?), and you don't seem to be talking about the lo device either. > the ask is: > it is into gentoo linux with iptables ? Errm, again: What? Setting up you loopback device on gentoo is done automatically by /etc/init.d/net.lo. Should be run on bootup by rc, check "rc-update show". Setting up NAT works using a sysctl (or the procfs). Restricting the NAT works using iptables. > the compiler module especial for function? Errrr.... Again, not sure what you are asking here... Yes, you need kernel modules for both NAT to work and as well netfilter modules for the chains and targets and matches you want to use with iptables. They don't really have to be modules, you can compile them statically into the kernel as well. If unsure, rephrase your question -- and be a bit more verbose on what you intend to do... A bit more information might as well cure lack of proper vocabulary... Give examples, try to describe the setting. -hwh -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] loopback into gentoo iptables 2007-10-05 16:00 ` Hans-Werner Hilse @ 2007-10-05 22:23 ` Dan Farrell 2007-10-05 23:20 ` Hans-Werner Hilse 2007-10-14 22:08 ` Mick 1 sibling, 1 reply; 5+ messages in thread From: Dan Farrell @ 2007-10-05 22:23 UTC (permalink / raw To: gentoo-user On Fri, 5 Oct 2007 18:00:56 +0200 Hans-Werner Hilse <hilse@web.de> wrote: > Setting up NAT works using a sysctl (or the procfs). Restricting the > NAT works using iptables. I don't think that's quite right. Correct me if i'm wrong (please) but this should read, "Setting up forwarding works using a sysctl... and configuring and restricting the NAT works using iptables" Network Address Translation is taken care of by iptables itself, not just firewalled that way. -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] loopback into gentoo iptables 2007-10-05 22:23 ` Dan Farrell @ 2007-10-05 23:20 ` Hans-Werner Hilse 0 siblings, 0 replies; 5+ messages in thread From: Hans-Werner Hilse @ 2007-10-05 23:20 UTC (permalink / raw To: gentoo-user Hi, On Fri, 5 Oct 2007 17:23:38 -0500 Dan Farrell <dan@spore.ath.cx> wrote: > > Setting up NAT works using a sysctl (or the procfs). Restricting the > > NAT works using iptables. > > I don't think that's quite right. Correct me if i'm wrong (please) but > this should read, > > "Setting up forwarding works using a sysctl... and configuring > and restricting the NAT works using iptables" > > Network Address Translation is taken care of by iptables itself, not > just firewalled that way. Thanks, I missed that, of course you're right! NAT would be masquerading, and that's in fact netfilter/iptables' job. I was probably just thinking about routing/forwarding in general... -hwh -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] loopback into gentoo iptables 2007-10-05 16:00 ` Hans-Werner Hilse 2007-10-05 22:23 ` Dan Farrell @ 2007-10-14 22:08 ` Mick 1 sibling, 0 replies; 5+ messages in thread From: Mick @ 2007-10-14 22:08 UTC (permalink / raw To: gentoo-user On 05/10/2007, Hans-Werner Hilse <hilse@web.de> wrote: > Hi, > > On Fri, 5 Oct 2007 10:42:42 -0500 > "Walter Willis" <walterwn@gmail.com> wrote: > > > I have modem asdl zyxel 660 and activate loopback with command: "ip nat > > loopback on" > > Where do you enter that and why? What is the thing _you_ call a > loopback? On what device or machine does it exist? You don't seem to be > talking about the "ifup" tool (since you talk about "ip", which however > does not know the "nat" mode?!?), and you don't seem to be talking > about the lo device either. > > > the ask is: > > it is into gentoo linux with iptables ? > > Errm, again: What? Setting up you loopback device on gentoo is done > automatically by /etc/init.d/net.lo. Should be run on bootup by rc, > check "rc-update show". > > Setting up NAT works using a sysctl (or the procfs). Restricting the > NAT works using iptables. > > > the compiler module especial for function? > > Errrr.... Again, not sure what you are asking here... Yes, you need > kernel modules for both NAT to work and as well netfilter modules for > the chains and targets and matches you want to use with iptables. They > don't really have to be modules, you can compile them statically into > the kernel as well. > > If unsure, rephrase your question -- and be a bit more verbose on what > you intend to do... A bit more information might as well cure lack of > proper vocabulary... Give examples, try to describe the setting. My telepathic abilities are getting rusty these days, but if guessing is allowed I think that the OP wanted to set up gentoo so that he could access the Zyxel router's firewall and modify its rules, from the Gentoo desktop. Either that, or he's thinking of building an embedded image for Zyxel?! More info would no doubt help. If not anything else, tell us what Zyxel can and cannot do - if it allows ssh access to its OS, then you may be able to set up firewall builder on the Gentoo box and use that to access/setup the Zyxel firewall. If you are running OpenWRT (not sure if this would run on Zyxel, but just don't stop me guessing now) you should be able to cook something so that firewall builder could hook into it. Best of luck, -- Regards, Mick -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2007-10-14 22:25 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2007-10-05 15:42 [gentoo-user] loopback into gentoo iptables Walter Willis 2007-10-05 16:00 ` Hans-Werner Hilse 2007-10-05 22:23 ` Dan Farrell 2007-10-05 23:20 ` Hans-Werner Hilse 2007-10-14 22:08 ` Mick
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox