I never got DNS to masq right under 2.2. My solution was to run a DNS on the box doing the masq and point the clients to it.
nate

On Fri, 19 Nov 1999 [EMAIL PROTECTED] wrote:

fairfa >I have ipchains working, but my workstations cannot get out to the internet because of a DNS problem. (When I try to ping any host from the workstations I get the message Host not found.)
fairfa >
fairfa >I have kernel 2.2.12, running IP MASQ and ipchains.
fairfa >
fairfa >/etc/init.d/network on the server looks like this:
fairfa >--------------------------------------------------
fairfa >ifconfig lo 127.0.0.1
fairfa >route add -net 127.0.0.0 netmask 255.0.0.0 dev lo
fairfa >
fairfa >ifconfig eth0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 up
fairfa >route add -net 192.168.1.0 dev eth0
fairfa >
fairfa >echo "1" > /proc/sys/net/ipv4/ip_forward
fairfa >
fairfa >ifchains -P forward DENY
fairfa >ipchains -A forward -s 192.168.1.0/24 -j MASQ
fairfa >--------------------------------------------------
fairfa >on the workstation:
fairfa >--------------------------------------------------
fairfa >ifconfig lo 127.0.0.1
fairfa >route add -net 127.0.0.0 netmask 255.0.0.0 dev lo
fairfa >
fairfa >ifconfig eth0 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255 up
fairfa >route add -net 192.168.1.0 dev eth0
fairfa >
fairfa >route add default gw 192.168.1.1
fairfa >--------------------------------------------------
fairfa >resolv.conf on both machines just has two lines, one for each of the nameservers my ISP uses.
fairfa >
fairfa >Issuing the command
fairfa ># ipmasq -d
fairfa >from the server gives the following output:
fairfa >--------------------------------------------------
fairfa >/sbin/ipchains -P input DENY
fairfa >/sbin/ipchains -P output DENY
fairfa >/sbin/ipchains -P forward DENY
fairfa >/sbin/ipchains -F input
fairfa >/sbin/ipchains -F output
fairfa >/sbin/ipchains -F forward
fairfa >/sbin/ipchains -A input -j ACCEPT -i lo
fairfa >/sbin/ipchains -A input -j ACCEPT -i eth0 -s 192.168.1.1/255.255.255.0
fairfa >/sbin/ipchains -A input -j ACCEPT -i ppp0 -d 206.11.2.183/32
fairfa >/sbin/ipchains -A input -j DENY -i ppp0 -s 192.168.1.1/255.255.255.0 -l
fairfa >/sbin/ipchains -A forward -j MASQ -i ppp0 -s 192.168.1.1/255.255.255.0
fairfa >/sbin/ipchains -A output -j ACCEPT -i lo
fairfa >/sbin/ipchains -A output -j ACCEPT -i eth0 -d 192.168.1.1/255.255.255.0
fairfa >/sbin/ipchains -A output -j ACCEPT -i ppp0 -s 206.11.2.183/255.255.255.255
fairfa >/sbin/ipchains -A output -j DENY -i ppp0 -d 192.168.1.1/255.255.255.0 -l
fairfa >--------------------------------------------------
fairfa >I can ping anything from the server, but not from the workstations.
fairfa >
fairfa >What am I doing wrong?
fairfa >
fairfa >Steven C. Martin
fairfa >

----------------------------------------[mailto:[EMAIL PROTECTED] ]--
Vice President Network Operations        http://www.firetrail.com/
Firetrail Internet Services Limited      http://www.aphroland.org/
Everett, WA 425-348-7336                 http://www.linuxpowered.net/
Powered By:                              http://comedy.aphroland.org/
Debian 2.1 Linux 2.0.36 SMP              http://yahoo.aphroland.org/
-----------------------------------------[mailto:[EMAIL PROTECTED] ]--
10:15pm up 92 days, 9:50, 1 user, load average: 1.17, 1.51, 1.67
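
A first-match evaluator for the rules in the quoted `ipmasq -d` output, as an added example that is not part of either message: it traces a query from the workstation (192.168.1.10) through the input, forward and output chains to show which rule decides at each step. Assumptions: the chain order is a simplified model of the 2.2 forwarding path, 203.0.113.53 is a constructed stand-in for an ISP nameserver, and protocol/port matching is omitted because the quoted rules use none.

```python
from ipaddress import ip_address, ip_network

# Rules copied from the quoted `ipmasq -d` output; the policy (-P) and flush (-F)
# lines are left out, and every chain policy there is DENY.
RULES = """\
-A input -j ACCEPT -i lo
-A input -j ACCEPT -i eth0 -s 192.168.1.1/255.255.255.0
-A input -j ACCEPT -i ppp0 -d 206.11.2.183/32
-A input -j DENY -i ppp0 -s 192.168.1.1/255.255.255.0 -l
-A forward -j MASQ -i ppp0 -s 192.168.1.1/255.255.255.0
-A output -j ACCEPT -i lo
-A output -j ACCEPT -i eth0 -d 192.168.1.1/255.255.255.0
-A output -j ACCEPT -i ppp0 -s 206.11.2.183/255.255.255.255
-A output -j DENY -i ppp0 -d 192.168.1.1/255.255.255.0 -l
"""

def parse(text):
    """Group rules by chain; each rule is a dict of option -> value."""
    chains = {"input": [], "forward": [], "output": []}
    for line in text.splitlines():
        tok = line.split()
        rule = dict(zip(tok[0::2], tok[1::2]))  # trailing -l (log) has no value, drops out
        chains[rule["-A"]].append(rule)
    return chains

def verdict(chains, chain, iface, src, dst):
    """First matching rule decides; no match falls through to the DENY policy."""
    for r in chains[chain]:
        if r.get("-i", iface) != iface:
            continue
        if "-s" in r and ip_address(src) not in ip_network(r["-s"], strict=False):
            continue
        if "-d" in r and ip_address(dst) not in ip_network(r["-d"], strict=False):
            continue
        return r["-j"]
    return "DENY"

def trace_outbound(chains, src, dst, lan="eth0", wan="ppp0", wan_ip="206.11.2.183"):
    """Simplified 2.2 path for a forwarded packet: input -> forward -> output."""
    steps = [("input", verdict(chains, "input", lan, src, dst))]
    if steps[-1][1] == "ACCEPT":
        # In the forward chain, -i names the outgoing interface.
        steps.append(("forward", verdict(chains, "forward", wan, src, dst)))
    if steps[-1][1] == "MASQ":
        # After masquerading, the output chain sees the server's ppp0 address.
        steps.append(("output", verdict(chains, "output", wan, wan_ip, dst)))
    return steps

if __name__ == "__main__":
    for chain, result in trace_outbound(parse(RULES), "192.168.1.10", "203.0.113.53"):
        print(f"{chain:8} {result}")
```

The trace covers only rule matching; routing, the state of the ppp0 link and the nameservers themselves are outside what it models.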