Robert Wunderer
Thu, 11 Feb 1999 08:29:02 -0500
Hi everyone. As I am using the mentioned configuration (RedHat 5.2 with kernel 2.0.36) I gave this a try and my results seem to backup what Michele is saying: BEFORE pinging I typed in the following two commands and got the expected response: > ipfwadm -M -l IP masquerading entries prot expire source destination ports tcp 09:59.26 192.168.100.5 ftp.univie.ac.at 1318 (61067) -> ftp udp 01:48.42 192.168.100.5 icq.mirabilis.com 1333 (61079) -> 4000 > ./netstat -M IP masquerading entries prot expire source destination ports tcp 9:50.08 192.168.100.5 ftp.univie.ac.at 1318 -> ftp (61067) udp 1:59.36 192.168.100.5 icq.mirabilis.com 1333 -> 4000 (61079) (192.168.100.5 ist the masqueraded machine, 192.168.100.1 would be my linux box) THEN I did a "ping www.linux.org" on my internal machine and got the following results: > ipfwadm -M -l IP masquerading entries ipfwadm: unexpected input data Try `ipfwadm -h' for more information. > ./netstat -M masq_info.c: Internal Error `ip_masquerade unknown type'. I have encountered the "ipfwadm: unexpected input data" error before, but never new what caused it. Now it seems that does indeed indicate nothing else but a masqueraded ICMP entry. After waiting a while (presumably until the ICMP entry expired) I got "normal" results out of the above commands again. Robert. ------------------------------------------------------------ Robert Wunderer mailto:[EMAIL PROTECTED] http://www.fait.at ------------------------------------------------------------ On Thursday, February 11, 1999 10:11 AM, Michele Nicosia [SMTP:[EMAIL PROTECTED]] wrote: > Anyone in this list using kernel 2.0.35/36 can do a ping to some site to > internet, and for the linux masquerade server can do a netstat -M ??? what > do it report??? if it come up with an error it si like me, if it report > nothing the icmp masquerading isn't working, if it come up with somthing > like this: > IP masquerading entries > prot expire source destination ports > tcp 1:59.98 Itamik.altro.it venere.inet.it 1075 -> nntp > (61233) > > naturally the prot field would be better to be icmp, but from my machine i > can see only tcp or udp entry. > The icmp works, i reach the site and can see the reply, but net-tools are > offended for this thing. > > > Bye > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For daily digest info, email [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]