On Wed, Mar 21, 2001 at 12:41:17PM +1000, Vaughan Clarkson wrote:
> involves running pppd inside pppd over ssh. However, this sets up a
> second interface (ppp0) on the Coda server, as well as the usual eth0,
> which have different IP addresses. So although I can `access' my Coda
> server (i.e., I can ping, ssh, etc., over the new interface), I can't
> actually mount a Coda filesystem from home since Coda seems to be
> sensitive about which interface it's responding to. However, I don't
...
> Is there any solution to this problem? My current thought is that I'll
> have to bridge the two interfaces, but it all seems so messy. Am
> I missing something obvious?

My guess is that some evil routing/NAT trickery on the client is needed
here. The Coda server reports its eth0 ip-address as the 'contact'
address, however the client will not be able to reach the server when
sending packets to that address because of the firewall.

First of all, the newer Coda clients and servers make life somewhat
simpler when the 'masquerade=1' option is set in /etc/coda/venus.conf.
In this case the only traffic between clients and servers should be to
ports 370/udp and 2433/udp on the server.

I would use a firewall to mark outgoing packets to udp ports 370 and
2433 and reroute these over the ppp interface. The fact that there is
only one server makes it a lot easier, because we can simply rewrite the
destination ip-address in the outgoing packets without bothering about
really correct routing once we're through the firewall.

The following might work with netfilter (Linux 2.4 kernel fw),

    modprobe iptable_nat
    iptables -t nat -A OUTPUT --protocol udp --destination-port 370 -j DNAT \
        --to-destination <ip-address-of-server-ppp0>
    iptables -t nat -A OUTPUT --protocol udp --destination-port 2433 -j DNAT \
        --to-destination <ip-address-of-server-ppp0>

Linux 2.2 solution would be similar to,

    ipmasqadm portfw -a -P udp -L <ip-address-of-server-eth0> 370 \
        -R <ip-address-of-server-ppp0> 370
    ipmasqadm portfw -a -P udp -L <ip-address-of-server-eth0> 2433 \
        -R <ip-address-of-server-ppp0> 2433

Of course, I never tried this so there might still be some surprises,

Jan

Received on 2001-03-20 22:49:37
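
A tighter variant of the netfilter rules in the message above, as an added example that is not part of the original post: it prints DNAT rules that match only packets addressed to the server's advertised eth0 address, so other outgoing UDP traffic to ports 370 and 2433 is left untouched. The function names and the addresses used to try it out are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): print DNAT rules for the two
# Coda server ports, scoped to the address the server advertises.
CODA_PORTS="370 2433"   # the udp ports named in the post

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one iptables command per Coda port (hypothetical helper).
# $1 = address the server advertises (eth0), $2 = address reachable
# through the tunnel (ppp0). Nothing is applied; the rules are only printed.
coda_dnat_rules() {
    for addr in "$1" "$2"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 2; }
    done
    for port in $CODA_PORTS; do
        echo "iptables -t nat -A OUTPUT -p udp -d $1 --dport $port" \
             "-j DNAT --to-destination $2"
    done
}

# Stand-alone use: sh coda-dnat.sh <server-eth0-address> <server-ppp0-address>
if [ "$#" -eq 2 ]; then
    coda_dnat_rules "$1" "$2"
fi
```

Review the printed rules before running them as root; afterwards `iptables -t nat -L OUTPUT -n -v` shows per-rule packet counters, which should increase once the client contacts the server.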