Re: [masq] net-tools and icmp masquerading
Anyone in this list using kernel 2.0.35/36 can do a ping to some site to internet, and for the linux masquerade server can do a netstat -M ??? what do it report??? if it come up with an error it si like me, if it report nothing the icmp masquerading isn't working, if it come up with somthing like this: IP masquerading entries prot expire source destination ports tcp 1:59.98 Itamik.altro.it venere.inet.it 1075 - nntp (61233) naturally the prot field would be better to be icmp, but from my machine i can see only tcp or udp entry. The icmp works, i reach the site and can see the reply, but net-tools are offended for this thing. Bye - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] net-tools and icmp masquerading
Hi everyone. As I am using the mentioned configuration (RedHat 5.2 with kernel 2.0.36) I gave this a try and my results seem to backup what Michele is saying: BEFORE pinging I typed in the following two commands and got the expected response: ipfwadm -M -l IP masquerading entries prot expire source destination ports tcp 09:59.26 192.168.100.5ftp.univie.ac.at 1318 (61067) - ftp udp 01:48.42 192.168.100.5icq.mirabilis.com1333 (61079) - 4000 ./netstat -M IP masquerading entries prot expire source destination ports tcp 9:50.08 192.168.100.5ftp.univie.ac.at 1318 - ftp (61067) udp 1:59.36 192.168.100.5icq.mirabilis.com1333 - 4000 (61079) (192.168.100.5 ist the masqueraded machine, 192.168.100.1 would be my linux box) THEN I did a "ping www.linux.org" on my internal machine and got the following results: ipfwadm -M -l IP masquerading entries ipfwadm: unexpected input data Try `ipfwadm -h' for more information. ./netstat -M masq_info.c: Internal Error `ip_masquerade unknown type'. I have encountered the "ipfwadm: unexpected input data" error before, but never new what caused it. Now it seems that does indeed indicate nothing else but a masqueraded ICMP entry. After waiting a while (presumably until the ICMP entry expired) I got "normal" results out of the above commands again. Robert. Robert Wunderer mailto:[EMAIL PROTECTED] http://www.fait.at On Thursday, February 11, 1999 10:11 AM, Michele Nicosia [SMTP:[EMAIL PROTECTED]] wrote: Anyone in this list using kernel 2.0.35/36 can do a ping to some site to internet, and for the linux masquerade server can do a netstat -M ??? what do it report??? if it come up with an error it si like me, if it report nothing the icmp masquerading isn't working, if it come up with somthing like this: IP masquerading entries prot expire source destination ports tcp 1:59.98 Itamik.altro.it venere.inet.it 1075 - nntp (61233) naturally the prot field would be better to be icmp, but from my machine i can see only tcp or udp entry. The icmp works, i reach the site and can see the reply, but net-tools are offended for this thing. Bye - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] net-tools and icmp masquerading
THEN I did a "ping www.linux.org" on my internal machine and got the following results: Now it is important to say this: it works??? It si clear that the net-tools doesn't show the packets status, but the client is working well Michele - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] net-tools and icmp masquerading
Michele Nicosia [EMAIL PROTECTED] wrote: Anyone in this list using kernel 2.0.35/36 can do a ping to some site to internet, and for the linux masquerade server can do a netstat -M? What does it report??? Mine says: netstat.c: feature `FW_MASQUERADE' not supported. Please recompile `net-tools' with newer kernel source or full configuration. I imagine many people on this list have not rebuilt their tools to support masquerade. I haven't bothered, because I use ipchains to list out the connections, i.e. "ipchains -M -L". It works fine. So, I guess I am not much help in resolving this problem, since I don't see it. But it appears that others do see the problem. -- [EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut sometimes known as David DeSimone || butter quite like unrequited love." http://www.dallas.net/~fox/ || -- Charlie Brown - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] net-tools and icmp masquerading
Michele Nicosia [EMAIL PROTECTED] wrote: In order to see the masquerade packet I need to add HAVE_FW_MASQUERADE to config.h, but in order to see the icmp packet what is the tricks?? If I understand your question correctly, you are wondering what happened to the CONFIG_IP_MASQUERADE_ICMP configuration option? It is no longer needed, because 2.2 masquerades ICMP traffic without a special config option. error: masq_info.c: Internal Error `ip_masquerade unknown type' I'm not familiar with this message; what did you do that made it show up on your screen? It looks like a compile error in the source file?? Please note that you should not edit "config.h" directly and insert "HAVE_WHATEVER" options directly. You should instead use the standard kernel configuration system, either "make xconfig", "make menuconfig", or "make config", whichever you like best. -- [EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut sometimes known as David DeSimone || butter quite like unrequited love." http://www.dallas.net/~fox/ || -- Charlie Brown - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] net-tools and icmp masquerading
Hi all, in this moment i'm moving form 2.0.35 to 2.2.1 and i'm reistalling some utility with new release like net-tools.In order to see the masqurade packet i need to add HAVE_FW_MASQUERADE to config.h , but in order to see th eicmp packet whati is the tricks?? i reistalled ther kernel with all the support for the masquerading/ipchains support but the netstat show me this error: masq_info.c: Internal Error `ip_masquerade unknown type' Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
