Hi, Matt --
On Thu, 30 Mar 2000 17:38:05 -0600, matt garman <[EMAIL PROTECTED]> wrote:
> Perhaps I'm not making myself clear. I just want to get IP Masquerading
> working on my Linux box. So I read the IP Masquerading howto. But I
> believe some steps outlined in the howto would be redundant given the
> packages I have installed on my computer.
>
> In other words, having installed ipmasq and other related Debian packages,
> do I still need to follow all the steps in the howto?
The answer seems to be, "Yes...sort of." :-) See if this helps:
I've got a dial-up connection, and a 2-station LAN, with my brother's machine
needing to dial out through the modem on my machine. What appears to have been
necessary to get this working included these steps:
- ipmasq and ipchains are installed;
- ip_masquerading is enabled in the kernel -- not sure why, but it wasn't
enabled in the 2.2.14 kernel I had, and I had to compile one in which it was
enabled. I think it's possible I might've answered a question during
installation that switched masquerading 'off', but I don't know for sure.
Whatever -- if you run ipmasq, you'll either get a message about masquerading
not being enabled, or you won't, and can go from there.
- forwarding policies are set to 'allow' -- the default on these,
understandably, is 'deny', so you have to take active steps to get forwarding
turned 'on'. These commands do that across-the-board (leaving you wide open,
so this is not a good final state to be in if you're hosting folks with a
permanent connection, etc.):
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
- also do:
echo "1" > /proc/sys/net/ipv4/ip_forward
- and, yes:
ipchains -A forward -s 10.0.0.30 -j MASQ
...with the IP to be masqueraded in place of the 10.0.0.30 I'm showing here.
NOTE, all this is about using ipmasq with 2.2.14 and ipchains. The HOW-TO
instructions are (for the moment) confusing about this, since they mention
ipfwadm, etc., and only if your eyes haven't yet glazed over do you locate the
info at the -bottom- of the HOW-TO that mentions the "new" ipchains.
Helps...?
-- Jeff -- <http://www.wellnow.com>
"There's nothing left in the world to prove. All that's worth doing
is to love one another, using whatever means are available to serve."
