This shows you the differences between two versions of the page.
osx:start [2017/12/05 12:54] robm [VPN over SSH] |
osx:start [2017/12/05 13:03] robm [VPN over SSH] |
Line 671: | Line 671: | ||
Configure IPv4 (ICMP+TCP+UDP) forwarding and Network Address Translation (NAT): | Configure IPv4 (ICMP+TCP+UDP) forwarding and Network Address Translation (NAT): | ||
- | - In the root shell on the **server**: < | + | - In the root shell on the **server** |
- | - echo 1 > / | + | # Prepare networking stack for use by forced commands in |
- | /sbin/iptables -t nat -F | + | # /root/.ssh/authorized_keys that creates a point-to-point network (via tun0) |
- | /sbin/iptables | + | # between 172.16.0.1 (this host) and 172.16.0.2 |
+ | |||
+ | # We then want to enabling forwarding of IPv4 traffic, i.e. we want to act as a | ||
+ | # router. We enable this in the kernel, and then ensure traffic originating | ||
+ | # from the remote side of the point-to-point link is accepted, and any | ||
+ | # responses are likewise accepted | ||
+ | echo 1 > / | ||
/ | / | ||
- | / | + | / |
+ | | ||
/ | / | ||
+ | |||
+ | # Any traffic originating from the remote side should go through Network | ||
+ | # Address Translation (NAT), so responses from (e.g.) DNS servers are sent to | ||
+ | # this host, so *we* can forward it to the remote end. This is the MASQUERADE | ||
+ | # rule. | ||
+ | / | ||
+ | / | ||
# Monitor packets | # Monitor packets |
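Review bot: the old side of this hunk flushed the whole nat table with `/sbin/iptables -t nat -F` before adding rules, and the new side's iptables lines are truncated in this view, so the diff does not show whether that flush (or an equivalent) survives; without it, each run of the forced command from `/root/.ssh/authorized_keys` appends another copy of the MASQUERADE rule. Flushing the entire nat table is also heavy-handed on a host that carries other NAT rules; a targeted check-then-add (`iptables -t nat -C ... || iptables -t nat -A ...`) keeps the command idempotent without discarding unrelated rules. Minor: the comment "We then want to enabling forwarding" should read "We then want to enable forwarding".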