From a3d917833a1c76986695b91e2bf94540fbf46c05 Mon Sep 17 00:00:00 2001
From: tuxcrafter <tuxcrafter@web>
Date: Sun, 4 Jul 2010 15:18:26 +0200
Subject: [PATCH] updated client side configuration with optional feature to
 connect an available client side network over tinc

---
 .../simple-bridging-with-dhcp-client-side.mdwn  | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/examples/simple-bridging-with-dhcp-client-side.mdwn b/examples/simple-bridging-with-dhcp-client-side.mdwn
index 9b22c4c..0f6c027 100644
--- a/examples/simple-bridging-with-dhcp-client-side.mdwn
+++ b/examples/simple-bridging-with-dhcp-client-side.mdwn
@@ -3,7 +3,7 @@
 >     # Company:  PowerCraft Technology
 >     # Author:   Copyright Jelle de Jong <jelledejong@powercraft.nl>
 >     # Note:     Please send me an email if you enhanced the document
->     # Date:     2010-05-24
+>     # Date:     2010-05-24 / 2010-07-04
 >     # License:  CC-BY-SA
 >     
 >     # This document is free documentation; you can redistribute it and/or
@@ -213,6 +213,8 @@
 >     
 >     #-----------------------------------------------------------------------
 >     
+>     # watch out when using multiple dhcp clients there can be conflicts
+>    
 >     echo 'interface "tun1" {
 >       request subnet-mask, broadcast-address, time-offset,
 >         host-name, netbios-scope, interface-mtu, ntp-servers;
@@ -230,6 +232,10 @@
 >       post-up route del default dev tun1 || true
 >       # pre-down /etc/init.d/munin-node stop || true
 >       # post-up /etc/init.d/munin-node restart || true
+>       # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/tun1/proxy_arp || true
+>       # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/vlan4/proxy_arp || true
+>       # optional # post-up route add -net 192.168.2.0 netmask 255.255.255.0 tun1 || true
+>       # optional # pre-down route del -net 192.168.2.0 netmask 255.255.255.0 tun1 || true
 >     
 >     #-----------------------------------------------------------------------
 >     
@@ -309,3 +315,12 @@
 >     lsof -i :656
 >     
 >     #-----------------------------------------------------------------------
+>     
+>     # Accept new connections for fordwarding designated from our virtual private netwerk to the local network
+>     /sbin/iptables --append FORWARD --in-interface ${VPN01} --out-interface ${LAN01} --jump ACCEPT
+>     /sbin/iptables --append FORWARD --in-interface ${LAN01} --out-interface ${VPN01} --jump ACCEPT
+>     
+>     # Use masquerade so the outside world sees only one ip source for all outgoing trafic
+>     /sbin/iptables --table nat --append POSTROUTING --out-interface ${VPN01} --jump MASQUERADE
+>     
+>     #-----------------------------------------------------------------------
-- 
2.20.1