Civileme wrote:
> Darcy Brodie wrote:
> >
> > Hello
> >
> > i am still having trouble with this Mandrake setup.
> > I am attempting to setup IP Masqurading through IP Chains .
> > I have had this configuration previously running on a RH 5 box, and decided
> > to upgrade.
> >
> > I have used the PMFirewall program to create the firewall and
> > masqurading rules. From the Linux box, I can ping both the internal
> > network and the internet. However, from a workstation running win98, I
> > can only ping the linux box. When I attempt to ping the intetnet, I get
> > the following (thanks to tcpdump)
> >
> > 13:05:47.551865 192.168.67.20 > 220867-db: icmp: 192.168.67.20 udp
> > port unreachable [tos 0xc0]
> >
> > I have have removed all of the pmfirewall rules and tried a very basic
> > ip chains rules as follows
> >
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> > /sbin/ipchains -P forward DENY
> > /sbin/ipchains -A forward -s 192.168.67.0/24 -j MASQ
> >
> > i realize that this is probablu the simplst ip masq rules that can be
> > set, but I still get the same message in tcpdump
> >
> > I am using 2 network cards, 1 connected directly to my cable modem
> > (which gets it's ip via dhcp) This is eth0
> > The second one is connected to my local network with a static ip of
> > 192.168.67.20
> > The win98 workstation has a static ip of 192.168.67.2
> > On the linux box, the DNS server is pointing to the DNS server from
> > my ISP
> > The default gateway is also pointing to my ISP's gateway
> > The above settings are exactly the same as what I was running on
> > the RH5 box, but I was using ipfwadm for my rules
> >
> > Darcy
>
> ipchains -P forward DENY
> ipchains -A forward -i eth0 -j MASQ
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> On the win98 box default gateway is 192.168.67.20 (Win doesn't
> know much about routing)
>
> DNS's should be spec'ed on both machines, if only to save time
> and the search sequence hosts. dns on the linbox.
>
> Let me know how that works
>
> Civileme
> ]
Thank you for your assistance. I changed my dns lookup on hte windoze box to
also point to my isp's dnx server, and everything is working now
Darcy
