Sure, I will send a detailed howto for FreeBSD in a week; for OpenBSD it will take 2 weeks.
Thanks
Avishay

----- Original Message -----
From: "Dani Arbel" <[EMAIL PROTECTED]>
To: "Avishay Aton" <[EMAIL PROTECTED]>
Sent: Friday, November 16, 2001 10:02 PM
Subject: Re: Linux(2.4.x) and masqeurating

> Avishai,
> If you have ADSL running on FreeBSD, it would be nice if you send us the
> relevant info so we can add support for it in our Linux ADSL howto.
> Thanks,
> Dani
>
> On Fri, 16 Nov 2001, Avishay Aton wrote:
>
> > GREAT, this was the problem. I have inserted the following rule in the
> > FORWARD chain and it works:
> > iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> >
> > All I have to do is change tcpmss in ipfilter on FreeBSD.
> >
> > Thanks
> > ----- Original Message -----
> > From: "Dani Arbel" <[EMAIL PROTECTED]>
> > To: "Avishay Aton" <[EMAIL PROTECTED]>
> > Sent: Friday, November 16, 2001 9:44 PM
> > Subject: Re: Linux(2.4.x) and masqeurating
> >
> > > Avishai,
> > > You are probably a victim of blackholing. Go to:
> > > http://damyen.technion.ac.il/~dani/
> > > read about the ADSL MTU issue, and see in the iptables example there the
> > > line with tcp_mss that you should add to your script.
> > > Dani
> > >
> > > On Fri, 16 Nov 2001, Avishay Aton wrote:
> > >
> > > > I didn't enable ECN on my last kernel compilation (2.4.14).
> > > > My configuration:
> > > > uname -a
> > > > Linux rasta 2.4.14-ext3 #1 Fri Nov 16 19:35:20 IST 2001 i686 unknown
> > > >
> > > > [root@rasta root]# ifconfig
> > > > eth0      Link encap:Ethernet  HWaddr 00:50:DA:1C:76:6B
> > > >           inet addr:10.0.0.140  Bcast:10.255.255.255  Mask:255.0.0.0
> > > >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> > > >           RX packets:702 errors:1 dropped:0 overruns:0 frame:2
> > > >           TX packets:1001 errors:0 dropped:0 overruns:0 carrier:0
> > > >           collisions:2 txqueuelen:100
> > > >           RX bytes:149791 (146.2 Kb)  TX bytes:121058 (118.2 Kb)
> > > >           Interrupt:9 Base address:0x1400
> > > >
> > > > eth1      Link encap:Ethernet  HWaddr 00:A0:C9:B0:0D:43
> > > >           inet addr:10.0.0.141  Bcast:10.255.255.255  Mask:255.0.0.0
> > > >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> > > >           RX packets:90 errors:0 dropped:0 overruns:0 frame:0
> > > >           TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
> > > >           collisions:0 txqueuelen:100
> > > >           RX bytes:10178 (9.9 Kb)  TX bytes:3007 (2.9 Kb)
> > > >           Interrupt:10
> > > >
> > > > lo        Link encap:Local Loopback
> > > >           inet addr:127.0.0.1  Mask:255.0.0.0
> > > >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> > > >           RX packets:37 errors:0 dropped:0 overruns:0 frame:0
> > > >           TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
> > > >           collisions:0 txqueuelen:0
> > > >           RX bytes:2176 (2.1 Kb)  TX bytes:2176 (2.1 Kb)
> > > >
> > > > ppp0      Link encap:Point-to-Point Protocol
> > > >           inet addr:212.143.40.233  P-t-P:212.143.32.1  Mask:255.255.255.255
> > > >           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1452  Metric:1
> > > >           RX packets:198 errors:0 dropped:0 overruns:0 frame:0
> > > >           TX packets:205 errors:0 dropped:0 overruns:0 carrier:0
> > > >           collisions:0 txqueuelen:3
> > > >           RX bytes:90908 (88.7 Kb)  TX bytes:26131 (25.5 Kb)
> > > >
> > > > and finally my rules
> > > >
> > > > [root@rasta root]# cat fw.rules
> > > > #!/bin/sh
> > > > ## open up pptp connection
> > > > echo "Connecting to the net"
> > > > /usr/bin/pptp 10.0.0.138
> > > > sleep 3
> > > > if ifconfig | grep -q "ppp"
> > > > then
> > > > echo "looking good,now let's secure our connection!"
> > > >
> > > > ## initialize iptables
> > > > echo "Firewall initialization"
> > > >
> > > > modprobe ipt_state || exit 1
> > > > modprobe iptable_nat || exit 1
> > > > modprobe ip_conntrack_ftp || exit 1
> > > > modprobe ipt_LOG || exit 1
> > > >
> > > > iptables -N block
> > > > iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > > iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
> > > > iptables -A block -j DROP
> > > > iptables -A INPUT -j block
> > > > iptables -A FORWARD -j block
> > > >
> > > > echo "Now for NAT - only MASQUERDAING!!"
> > > > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> > > > echo "iptables is up `date`"
> > > >
> > > > The end
> > > > Thanks
> > > >
> > > > ----- Original Message -----
> > > > From: "Dani Arbel" <[EMAIL PROTECTED]>
> > > > To: "Avishay Aton" <[EMAIL PROTECTED]>
> > > > Cc: <[EMAIL PROTECTED]>
> > > > Sent: Friday, November 16, 2001 6:54 PM
> > > > Subject: Re: Linux(2.4.x) and masqeurating
> > > >
> > > > > Avisay,
> > > > > 1) send a complete list of your rules + ifconfig output
> > > > > 2) what is secure remote?
> > > > > 3) when you fail to connect somewhere, there should be a message in the
> > > > > log containing the dropped packet description (unless you have not put log
> > > > > rules). That can help in catching the problem.
> > > > >
> > > > > On Fri, 16 Nov 2001, Avishay Aton wrote:
> > > > >
> > > > > > Hi,
> > > > > > I connect to the net with pptp + adsl, and I use nat on my linux
> > > > > > box (2.4.x) for other computers on my private network.
> > > > > > My nat rule is a simple one:
> > > > > >
> > > > > > modprobe iptable_nat
> > > > > > modprobe ip_conntrack_ftp
> > > > > > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> > > > > >
> > > > > > I can get most of the sites, but for example www.linuxtoday.com doesn't
> > > > > > work for me.
> > > > > > Also, the imap client sometimes works, sometimes doesn't.
> > > > > > And finally "secure remote"?! Has anyone succeeded in connecting with nat + FWZ?
> > > > > > Thanks
> > > > > > Avishay
> > > > >
> > > > > =================================================================
> > > > > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > > echo unsubscribe | mail [EMAIL PROTECTED]
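
What the TCPMSS rule from this thread does to a forwarded SYN, as an added Python example that is not code from the posters or from netfilter: it lowers the MSS option to the outgoing MTU minus 40 (1412 for the ppp0 MTU of 1452 shown in the ifconfig output) and patches the TCP checksum incrementally. The function names and the sample packet, including its addresses and ports, are constructed for illustration.

```python
import struct

def mss_for_mtu(mtu):
    return mtu - 40  # 20-byte IPv4 header + 20-byte TCP header, no options

def fold(s):  # fold carries back in (one's-complement addition)
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s
def csum_update(csum, old, new):  # RFC 1624: HC' = ~(~HC + ~m + m')
    return ~fold((~csum & 0xFFFF) + (~old & 0xFFFF) + new) & 0xFFFF

def full_csum(src, dst, tcp):  # over pseudo-header + segment; 0 means valid
    data = src + dst + struct.pack("!BBH", 0, 6, len(tcp)) + tcp
    data += b"\0" * (len(data) % 2)
    return ~fold(sum(struct.unpack("!%dH" % (len(data) // 2), data))) & 0xFFFF

def clamp_syn_mss(tcp, mtu):
    """Lower the MSS option of a SYN (SYN set, RST clear) to fit mtu."""
    end = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if not 20 <= end <= len(tcp) or tcp[13] & 0x06 != 0x02:
        return tcp                      # truncated, or not --tcp-flags SYN,RST SYN
    out, limit, i = bytearray(tcp), mss_for_mtu(mtu), 20
    while i < end and out[i] != 0:      # kind 0 ends the option list
        if out[i] == 1:                 # kind 1 is a one-byte NOP
            i += 1
            continue
        if i + 1 >= end or out[i + 1] < 2 or i + out[i + 1] > end:
            break                       # malformed option: leave the packet alone
        if out[i] == 2 and out[i + 1] == 4 and struct.unpack_from("!H", out, i + 2)[0] > limit:
            struct.pack_into("!H", out, i + 2, limit)   # only ever lower the MSS
            csum = struct.unpack_from("!H", out, 16)[0]
            for w in range((i + 2) & ~1, i + 4, 2):     # aligned words the edit touched
                csum = csum_update(csum, *(struct.unpack_from("!H", b, w)[0] for b in (tcp, out)))
            struct.pack_into("!H", out, 16, csum)
            break
        i += out[i + 1]
    return bytes(out)

def sample_syn(mss, flags=0x02):  # constructed packet; addresses and ports are made up
    src, dst = bytes([10, 0, 0, 150]), bytes([192, 0, 2, 80])
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"  # MSS, NOP, NOP, SACK-permitted
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 7 << 4, flags, 5840, 0, 0) + opts
    return src, dst, hdr[:16] + struct.pack("!H", full_csum(src, dst, hdr)) + hdr[18:]

if __name__ == "__main__":
    src, dst, syn = sample_syn(1460)    # LAN host on a 1500-byte Ethernet MTU
    out = clamp_syn_mss(syn, 1452)      # ppp0 MTU from the ifconfig output above
    print(int.from_bytes(out[22:24], "big"), full_csum(src, dst, out))
```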
