by "surf" I mean active IP Masquerading.
I don't know why your linux box won't IP Masq. the first UDP packets.
You say that it masqs udp packets after connection?.... Hmm...
OK, here's a guess (standard disclaimers apply ;)
When diald notices packets destined for the internet it is supposed to
cache them until the link is up and then send them through. It *could*
be that these packets are being held in some sort of buffer by diald
until the link is up and then sent straight out over the link without going
through the masq code.
What version of diald are you using?
To be honest, I haven't code-jockied any of the diald source (it's
probably all way out of my league) so I may just be spouting raw sewage.
I'll have to pass this line of thought on to others.
peace favor your sword
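As an added example (not code from this thread): a small Python check that parses the `IP fw-out deny` kernel log lines Rod quotes further down and flags packets that left the dial-up interface with a private source address, which is exactly the forwarded-but-not-masqueraded symptom. The sample log lines, addresses and the private network are constructed for the example.

```python
import ipaddress
import re

# Constructed sample of the "IP fw-out deny" lines a 2.0-era kernel logs for
# an ipfwadm rule with the -o flag; addresses are made up for this example.
SAMPLE_LOG = """\
Jun 19 20:12:32 router kernel: IP fw-out deny ppp0 UDP 192.168.1.10:61232 198.51.100.5:53 L=65 S=0x00 I=4096 F=0x0000 T=31
Jun 19 20:12:47 router kernel: IP fw-out deny ppp0 UDP 192.168.1.10:61233 198.51.100.9:53 L=65 S=0x00 I=4352 F=0x0000 T=31
Jun 19 20:13:05 router kernel: IP fw-out deny ppp0 TCP 203.0.113.7:1025 198.51.100.5:80 L=60 S=0x00 I=4608 F=0x4000 T=31
Jun 19 20:13:22 router kernel: IP fw-out deny ppp0 UDP 192.168.1.10:61233 198.51.100.9:53 L=65 S=0x00 I=4864 F=0x0000 T=31
"""

# chain (in/out/fwd), verdict, interface, protocol, then src:port dst:port
LOG_RE = re.compile(
    r"IP fw-(?P<chain>\w+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_fw_line(line):
    """Return the fields of one ipfwadm kernel log line, or None if it is not one."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None


def find_unmasqueraded(log_text, private_net, public_iface):
    """List packets logged on public_iface whose source is still an address in
    private_net: they were forwarded without being masqueraded, so the
    private address leaked onto the link and the reply can never come back."""
    net = ipaddress.ip_network(private_net)
    leaks = []
    for line in log_text.splitlines():
        rec = parse_fw_line(line)
        if rec is None or rec["iface"] != public_iface:
            continue
        if ipaddress.ip_address(rec["src"]) in net:
            leaks.append((rec["proto"], rec["src"], rec["dst"], int(rec["dport"])))
    return leaks


if __name__ == "__main__":
    for proto, src, dst, dport in find_unmasqueraded(SAMPLE_LOG, "192.168.1.0/24", "ppp0"):
        print(f"unmasqueraded {proto} {src} -> {dst}:{dport}")
```

Pointing the check at an -o logging rule on the dial-up interface, as in Rod's last ipfwadm line, shows whether the leak only happens on the first packets after diald brings the link up.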
-----Original Message-----
From: Rod Moffitt
Sent: Tuesday, June 22, 1999 6:36 PM
To: Kirk Lawson
Cc: Rod Moffitt; "MASQ@SMTP <[EMAIL PROTECTED]>"; "LINUX-DI@SMTP <[EMAIL PROTECTED]>"
Subject: RE: Masq&Diald: When 'initial' traffic t
------------------------------------------------------------------------------
Thanks for your reply Kirk.
> Are you sure you have IP Masquerading compiled into the kernel? As I
> understand it (and I could be *way* off, I admit),
Yes.
>
> 1) If your Linux box makes a proper PPP connection, it doesn't need IP
> Masq to "surf" (this is a fact, e.q. Windows)
Confused - what do you mean by 'surf'?
> 2) If the kernel doesn't have IP Masq compiled in but *does* have IP
> Forwarding enabled, it will simply forward packets from one interface to
> another without "masquerading" them.
No, masquerading DOES work here; however, 'initial' UDP packets are not
being masqueraded - they are merely being forwarded onto my public
interface. After a while it suddenly works - i.e. BOTH UDP and TCP are being
masqueraded...
>
> Any other voices of reason?
>
> peace favor your sword
>
> -----Original Message-----
> From: Rod Moffitt
> Sent: Monday, June 21, 1999 12:22 PM
> To: Kirk Lawson
> Cc: 'MASQ@SMTP <[EMAIL PROTECTED]>'; 'LINUX-DI@SMTP <[EMAIL PROTECTED]>'
> Subject: RE: Masq&Diald: When 'initial' traffic t
>
> On Mon, 21 Jun 1999, Kirk Lawson wrote:
>
> >
> > What Linux distro. are you using, specifically, what version and kernel?
> >
>
>
> Sorry about that - I am using 2.0.36 with the ipportfw and egcs
> patches...
>
> - Rod
>
> > peace favor your sword
> >
> > -----Original Message-----
> > From: Rod Moffitt
> > Sent: Monday, June 21, 1999 11:56 AM
> > To: LKLawson; 'MASQ@SMTP <[EMAIL PROTECTED]>'; 'LINUX-DI@SMTP <[EMAIL PROTECTED]>'
> > Subject: Masq&Diald: When 'initial' traffic that
> >
> > Original Subject:
> > Masq&Diald: When 'initial' traffic that brings up link is UDP
> >
> > Masq&Diald: When 'initial' traffic that brings up link is UDP kernel DOES
> > not masq - it merely forwards...
> >
> > -------------------------------------------------------------------------
> >
> > I recently helped a friend out who used a modem to access the net. They
> > recently picked up a second machine for their kid and as such wanted a
> > LAN. I of course recognized the situation (since it was mine a few years
> > ago!) and offered to not only help setup a LAN, yet add a firewall so that
> > BOTH of the computers could access the LAN - and to boot that this magical
> > firewall could automatically detect when you wanted to get on the
> > Internet and dial up for you. They of course loved the idea and that is
> > what I spent the good part of last week and this last weekend doing.
> >
> > Now the problem - of course the Masq stuff was easy since I merely cloned
> > most of my rules. In addition the diald stuff was easy since all I had
> > to do was modify the 'connect' chat script. And of course when I tested it
> > from the firewall it worked great! If I pinged a host the link would come
> > up and the Masquerading worked great!
> >
> > Now the bad news, when I tried it from one of the Win95 hosts it didn't
> > work so great. When the 'initial' traffic that caused diald to get ppp up
> > was UDP (say an initial DNS lookup for a web site, or for a
> > Starcraft-battlenet connection) Masquerading did not occur - the kernel
> > merely forwarded the packets out! Take a look at a snapshot of the
> > following kernel logs (W.X.Y.Z is the address of the Win95 host, A.B.C.D
> > and E.F.G.H are addresses of DNS hosts) where DNS packets were not properly
> > Masqueraded, instead they were merely forwarded.
> >
> > Now Masquerading did work for all packet types from the firewall machine.
> > In addition this whole scenario worked for me nearly two years ago when I
> > did not have my static IP as I do today, and I never saw this type of
> > problem.
> >
> > I checked the How-to and FAQs (BTW the masq mailing list archives are NOT
> > searchable - this would be a real time saver). When scanning the diald FAQ
> > (http://www.loonie.net/~eschenk/diald/diald-faq-6.html#ss6.11) it says
> > that TCP connections are not to be used 'to bring up the link' yet UDP are
> > (it has to do with not being able to change the address of a TCP
> > connection), therefore this problem seems to be the inverse?!?!
> >
> > Anyone have an idea?
> >
> >
> > Jun 19 20:12:32 router kernel: IP fw-out deny ppp0 UDP W.X.Y.Z:61232 A.B.C.D:53 L=65 S=0x00 I=4096 F=0x0000 T=31
> > Jun 19 20:12:47 router kernel: IP fw-out deny ppp0 UDP W.X.Y.Z:61233 E.F.G.H:53 L=65 S=0x00 I=4352 F=0x0000 T=31
> > Jun 19 20:13:02 router kernel: IP fw-out deny ppp0 UDP W.X.Y.Z:61232 A.B.C.D:53 L=65 S=0x00 I=4608 F=0x0000 T=31
> > Jun 19 20:13:22 router kernel: IP fw-out deny ppp0 UDP W.X.Y.Z:61233 E.F.G.H:53 L=65 S=0x00 I=4864 F=0x0000 T=31
> >
> >
> > Here are my masquerading rules:
> >
> > ipfwadm -F -f
> > ipfwadm -F -p deny
> >
> > echo "masquerade-forwarding from $PRIVATE_NET"
> > ipfwadm -F -a accept -m -W $PUBLIC_INT -S $PRIVATE_NET
> >
> > echo "masquerade-forwarding on $DIALD_INT from $PRIVATE_NET"
> > ipfwadm -F -a accept -m -W $DIALD_INT -S $PRIVATE_NET
> >
> > ipfwadm -F -a deny -o
> >
> >
> > --
> >
> > ============ Geek Technology at its best: http://nuked.org
> > ===============
> >
>
``````````````````````````````````````````````````````````````````````````
>
>
>
>
>
> > Rod Moffitt ICQ# 6696644 Linux: multi-platform, multi-tasking,
> > [EMAIL PROTECTED] multi-user, fast & free!
> > http://www.linux.org
> > PGP RSA KeyID 570A0731 Protect your privacy!
> > http://www.pgpi.com
> > http://rodmoffitt.org Net, s/w & h/w consulting:
> > http://vissitt.com
> >
>
..........................................................................
>
>
> >
> > ========= Where loved ones are remembered: http://memoriam.org
> > ===========
> >
> > Last yeer I kudn't spel Engineer. Now I are won.
> >
> >
> >
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe
linux-diald"
> in
> > the body of a message to [EMAIL PROTECTED]
> >
>