Rogers, Paul wrote:

> Dear All
>
> Can anyone help me set up IP masquerading??
>
> I have two machines, one Linux box & one NT box with the Linux box acting
> as the gateway.
>
> The linux box is running Redhat 5.1 kernel 2.2.2
>
> It has all the necessary options compiled into the kernel (I think)
>
> I start IP chains as follows
>
> ipchains -P forward DENY
> ipchains -A forward -j MASQ 192.168.0.0/24 -d 0.0.0.0/0
>
> The connection is over a modem using pppd/diald to initiate the
> connection.  Names are resolved using named.
>
> From the Linux box I can use nslookup to dial out and lookup names.  I
> can also use lynx to dial out and connect to various sites by name.
>
> However when I try to connect using Netscape on the NT box the following
> happens:
>
> The gateway dials and connects to the ISP (tho' this may have been
> instigated by named rather than the gateway).
>
> Netscape says it is searching for the IP address of the site which it
> seems to find ok ( & this is borne out by the fact that if subsequently I
> do nslookup on the Linux box for the same name, it responds with a
> non-authoritative answer)
>
> However Netscape then reports it is contacting the host and nothing
> further happens.  Eventually pppd times out and then Netscape reports
> that it is unable to contact the host.
>
> Am I right in thinking that this is an IP Masquerading problem, not
> named, pppd etc.?
>
> I notice that despite /etc/sysconfig/network having FORWARD_IPV4=yes in
> it /proc/sys/net/ipv4/ip_forward is set to 0.  Also by going into the
> system config utility the default gateway is set 0.0.0.0 and default
> gateway device is set to eth0 (on the linux box).
>
> As the linux box is the gateway does it need to be told the default
> gateway? Should ip_forward be set to 1?  I've tried doing this and it
> seems to make no difference.
>
> Any help would be much appreciated.
>
> Paul

  Paul, I'm only guessing at your setup and why, but I'll state a few things
regarding my setup and maybe that will help you. Nothing about IPchains or
masq though.

Okay /proc/sys/net/ipv4/ip_forward is a single byte file with a value of 1
(1) (one) on my RH 5.1 box, which coincides with /etc/sysconfig/network
having =yes. IP forwarding is compiled by default I am told on RH dists, and
it is certainly the case on my systems. I couldn't realize it though until
correct routing was set up by my provider. Once I was able to be pinged from
the internet, everything was cool - you could go from one box through its
default gateway (which is my RH 5.1 box w/ eth and ppp doing routing between
the net and my internal net). Before that all you could do was ping the modem
from the outside and even though I had a default route from the router
machine you couldn't route through it to the internet from inside my
network. I still don't know why, but everything started working fine once
the ISP got their stuff figured out.

The linux box you are running appears to be a gateway as well between the
Internet and your lan. DO NOT SET A DEFAULT GATEWAY. ppp0 will do that for
you when the link comes up. default gateways are listed as 0.0.0.0, and you
will also see the machine at the top of your "route" (issued w/o any args)
as having a mask of 255.255.255.255.

Your ISP will assign an IP to that modem and provide the default gateway. On
your ethernet (eth0) bind an IP address in the same net as the other
machines on your net. Then issue a "route add -net 192.168.1.0 gw
192.168.1.10 dev eth0" (where the first IP is the network number of your lan
and the second is the number you just bound to your nic). You may need to
monkey around with netmask etc, but if nothing happens after you invoke the
command that means that something did happen. You will only get an error if
nothing happens (Not to confuse). check with "ifconfig" and "route" (both
entered without any args).

Now, set a default gateway on all the other machines that are going to use
the Linux box as their gateway to the world. For example, use the route
command and give the address that you bound to the Linux box as each other
machine's default gateway. You will need to use gw or default depending on
exactly what it is you are actually intending, and of course, that particular
machine's dev eth0.

One more thing... "If you're running Win9x anywhere on your network the first
thing you should do, is kill yourself."

Good luck and only run real operating systems like UNIX, NetWare, NT and
OS/2.

Sincerely,

Bradley D. Thornton
Mgr. Network Svcs.
NorthTech Computer
