Hi! I have configured a Linux box as a router for my home LAN using ip-masquerade, but now I am having some problems.

My configuration:

* 486/100Mhz 16 Mbytes ram debian potato as a router
* 56 k modem ppp link (it works fine from the router)
* Kernel 2.2.17 recompiled according to IP-Masquerade-HOWTO
* rules configured using pmfirewall

The rules look like this (62.83.136.124 here is a dynamic dialup IP):

Chain input (policy ACCEPT):
target  prot opt    source            destination       ports
ACCEPT  all  ------ 0.0.0.0/0         0.0.0.0/0         n/a
ACCEPT  tcp  !y---- 0.0.0.0/0         62.83.136.124     * -> *
DENY    all  ------ 10.0.0.0/8        62.83.136.124     n/a
DENY    all  ------ 127.0.0.0/8       62.83.136.124     n/a
DENY    all  ------ 172.16.0.0/12     62.83.136.124     n/a
DENY    all  ------ 192.168.0.0/16    62.83.136.124     n/a
DENY    tcp  ----l- 0.0.0.0/0         62.83.136.124     * -> 31337
DENY    udp  ----l- 0.0.0.0/0         62.83.136.124     * -> 31337
DENY    tcp  ----l- 0.0.0.0/0         62.83.136.124     * -> 12345:12346
DENY    udp  ----l- 0.0.0.0/0         62.83.136.124     * -> 12345:12346
DENY    tcp  ----l- 0.0.0.0/0         62.83.136.124     * -> 1524
DENY    tcp  ----l- 0.0.0.0/0         62.83.136.124     * -> 27665
DENY    udp  ----l- 0.0.0.0/0         62.83.136.124     * -> 27444
DENY    udp  ----l- 0.0.0.0/0         62.83.136.124     * -> 31335
DENY    all  ------ 224.0.0.0/8       0.0.0.0/0         n/a
DENY    all  ------ 0.0.0.0/0         224.0.0.0/8       n/a
ACCEPT  udp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 67:68
ACCEPT  tcp  ------ 0.0.0.0/0         62.83.136.124     * -> 22
ACCEPT  tcp  ------ 0.0.0.0/0         62.83.136.124     * -> 25
ACCEPT  tcp  ------ 0.0.0.0/0         62.83.136.124     * -> 80
ACCEPT  tcp  ------ 192.168.10.0/24   62.83.136.124     * -> 110
ACCEPT  tcp  ------ 0.0.0.0/0         62.83.136.124     * -> 113
ACCEPT  udp  ------ 0.0.0.0/0         62.83.136.124     * -> 113
ACCEPT  tcp  ------ 0.0.0.0/0         62.83.136.124     * -> 123
ACCEPT  udp  ------ 0.0.0.0/0         62.83.136.124     * -> 123
DENY    tcp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 137:139
DENY    udp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 137:139
REJECT  udp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 520
DENY    tcp  ----l- 0.0.0.0/0         0.0.0.0/0         * -> 2049
DENY    udp  ----l- 0.0.0.0/0         0.0.0.0/0         * -> 2049
DENY    tcp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 5999:6003
DENY    udp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 5999:6003
ACCEPT  all  ------ 192.168.10.0/24   0.0.0.0/0         n/a
ACCEPT  icmp ------ 0.0.0.0/0         62.83.136.124     * -> *
ACCEPT  tcp  ------ 0.0.0.0/0         62.83.136.124     * -> 1023:65535
ACCEPT  udp  ------ 0.0.0.0/0         62.83.136.124     * -> 1023:65535
DENY    all  ----l- 0.0.0.0/0         0.0.0.0/0         n/a

Chain forward (policy DENY):
target  prot opt    source            destination       ports
ACCEPT  all  ------ 192.168.10.0/24   192.168.10.0/24   n/a
ACCEPT  all  ------ 62.83.136.124     0.0.0.0/0         n/a
MASQ    all  ------ 192.168.10.0/24   0.0.0.0/0         n/a

Chain output (policy ACCEPT):
target  prot opt    source            destination       ports
ACCEPT  all  ------ 0.0.0.0/0         0.0.0.0/0         n/a
ACCEPT  all  ------ 192.168.10.0/24   0.0.0.0/0         n/a
-       tcp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 80
-       tcp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 22
-       tcp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 23
-       tcp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 21
-       tcp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 110
-       tcp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 25
-       tcp  ------ 0.0.0.0/0         0.0.0.0/0         * -> 20
ACCEPT  icmp ------ 192.168.10.0/24   0.0.0.0/0         * -> *
ACCEPT  icmp ------ 62.83.136.124     0.0.0.0/0         * -> *
ACCEPT  all  ------ 0.0.0.0/0         0.0.0.0/0         n/a

Well, sorry it is long, I know...

My problem is that although ip-masquerading is working, I have timeouts for both www and ftp. Now it is quite painful to make an apt-upgrade from a masqued machine (it works, but with a lot of timeouts).

My mtu/mru is set to 1500.

The router Linux box is an old 486/100Mhz 16 Mbytes ram. I understood this is enough (actually I am only masquing a couple of machines, and these trials were done with only one masqued machine using the link).

Results from apt-get upgrade (from a masqued machine):

3 packages upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 1585kB of archives. After unpacking 643kB will be used.
Do you want to continue? [Y/n]
Get:1 http://security.debian.org stable/updates/main groff 1.15.2-2 [1165kB]
Err http://security.debian.org stable/updates/main groff 1.15.2-2
  Connection timed out
Err http://security.debian.org stable/updates/main fetchmail 5.3.3-3
  Connection failed
Get:2 http://security.debian.org stable/updates/main xloadimage 4.1-5potato1 [101kB]
Fetched 13.0kB in 9m16s (23B/s)
Failed to fetch http://security.debian.org/dists/potato/updates/main/binary-i386/groff_1.15.2-2_i386.deb  Connection timed out
Failed to fetch http://security.debian.org/dists/potato/updates/main/binary-i386/fetchmail_5.3.3-3_i386.deb  Connection failed

If I do apt-get upgrade from the router Linux box (another debian potato) the dial-up link is *fast* :????

Some help please?

Regards

Roberto

------------------------------------------------------------------------
Roberto Diaz <[EMAIL PROTECTED]>
http://vivaldi.dhis.org
Powered by GNU running on a Linux kernel.
Powered by Debian (The real wonder)

Concerto Grosso Op. 3/8 A minor
Antonio Vivaldi (so... do you need beautiful words?)
------------------------------------------------------------------------