Greetings!
A Leap-42.3, running as a KVM guest, serves as the internet gateway (GTW 192.168.1.222) for the local network (192.168.1.0).
The network device eth0 is internal and eth1 is external.
Both devices are bridged from the KVM host.
Firewalling is done with SuSEFirewall2, everything standard.
It has worked well for years.
Sometimes, once a year or so, the cable-modem (internet connection eth1) fails and I need a backup internet connection.
For this purpose I use a Huawei E220 USB stick attached to the gateway computer.
Using wvdial I dial up my GSM internet provider, works well so far.
ifconfig shows the device ppp0 and journalctl -f shows
Jun 14 12:32:27 GTW pppd[7131]: Plugin passwordfd.so loaded.
Jun 14 12:32:27 GTW pppd[7131]: pppd 2.4.7 started by monitor, uid 0
Jun 14 12:32:27 GTW pppd[7131]: Using interface ppp0
Jun 14 12:32:27 GTW pppd[7131]: Connect: ppp0 <--> /dev/ttyUSB0
Jun 14 12:32:27 GTW pppd[7131]: CHAP authentication succeeded
Jun 14 12:32:27 GTW pppd[7131]: CHAP authentication succeeded
Jun 14 12:32:31 GTW pppd[7131]: Could not determine remote IP address: defaulting to 10.64.64.64
Jun 14 12:32:31 GTW pppd[7131]: local IP address 10.27.128.130
Jun 14 12:32:31 GTW pppd[7131]: remote IP address 10.64.64.64
Jun 14 12:32:31 GTW pppd[7131]: primary DNS address xxx.xxx.xxx.xxx
Jun 14 12:32:31 GTW pppd[7131]: secondary DNS address yyy.yyy.yyy.yyy
Jun 14 12:32:31 GTW nscd[666]: 666 monitored file /etc/resolv.conf was written to
Jun 14 12:32:31 GTW pppd[7131]: Script /etc/ppp/ip-up finished (pid 7138), status = 0x0
The settings of SuSEFirewall2 are obviously sufficient to protect the gateway machine from outside access.
A network check shows no open ports, as expected.
Internet browsing from GTW works.
However, internet access from a network client 192.168.1.20 does not work; it is filtered by the default SuSEFirewall2 setting:
Jun 14 12:32:35 GTW kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=ppp0 MAC=aa:bb:00:00:02:22:34:97:f6:a3:59:e1:08:00 SRC=192.168.1.20 DST=aaa.aaa.aaa.aaa LEN=66 TOS=0x00 PREC=0x00 TTL=127 ID=30822 PROTO=UDP SPT=56162 DPT=53 LEN=46
The OUT device ppp0 is filtered.
Questions:
- Do I have to manually insert a NAT rule into the firewall/iptables to provide network address translation from eth0 to ppp0?
- What would be the appropriate approach to configure the ppp0 interface with yast, defining it as external device?
Thanks for reading and hints
Wolf
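
Added example, not part of the original post: a small parser for SFW2 kernel log lines like the one quoted above, summarising which forwarded flows the firewall drops per interface pair. The sample lines are constructed (the first follows the post's entry, with documentation addresses as placeholders), and the reading of the prefix as SFW2-<chain+zone>-<action>-<reason> is an assumption.

```python
import re
from collections import Counter

# Constructed sample input: line 1 follows the post's log entry; destination
# addresses are documentation placeholders and the other lines are made up.
SAMPLE_LOG = """\
Jun 14 12:32:35 GTW kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=ppp0 MAC=aa:bb:00:00:02:22:34:97:f6:a3:59:e1:08:00 SRC=192.168.1.20 DST=198.51.100.53 LEN=66 TOS=0x00 PREC=0x00 TTL=127 ID=30822 PROTO=UDP SPT=56162 DPT=53 LEN=46
Jun 14 12:32:36 GTW kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=ppp0 MAC=aa:bb:00:00:02:22:34:97:f6:a3:59:e1:08:00 SRC=192.168.1.20 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30823 DF PROTO=TCP SPT=49731 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 14 12:32:40 GTW kernel: SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=203.0.113.77 DST=10.27.128.130 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=1234 PROTO=TCP SPT=4431 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 14 12:32:31 GTW pppd[7131]: local IP address 10.27.128.130
"""

PREFIX_RE = re.compile(r"kernel: (SFW2-\S+) (.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_sfw2(line):
    """Return the fields of one SuSEfirewall2 kernel log line, or None."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    fields = {"PREFIX": m.group(1)}
    for key, value in FIELD_RE.findall(m.group(2)):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields


def dropped_forwards(log):
    """Count dropped forwarded packets per (IN, OUT, PROTO, DPT)."""
    counts = Counter()
    for line in log.splitlines():
        f = parse_sfw2(line)
        if f is None:
            continue
        # Assumption: prefix reads SFW2-<chain+zone>-<action>-<reason>.
        parts = f["PREFIX"].split("-")
        if len(parts) >= 3 and parts[1].startswith("FWD") and parts[2] == "DROP":
            key = (f.get("IN", ""), f.get("OUT", ""), f.get("PROTO", ""), f.get("DPT", ""))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (i, o, proto, dport), n in dropped_forwards(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {i} -> {o}  {proto}/{dport}")
```

Fed the output of `journalctl -k`, the summary shows whether every drop is on the eth0 to ppp0 path, which separates a missing forwarding/masquerading rule for ppp0 from input filtering on the gateway itself.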