Re: IP Masq. help

Sun, 09 Apr 2000 13:19:35 -0700 

OK. This leads to a few more questions.

At 03:44 PM 4/9/00 -0400, Charles Farinella wrote [in part]:

>>         ping <nameserver IP address (from /etc/resolv.conf)>
>>         ping <gateway IP address (from "route -n")>
>No to these from #2

"No" is an incomplete answer. As I said in my prior message, ping fails in
at least 3 distinct ways, and they indicate different problems. HOW do these
pings fail? Choices are:

                silently (no response until you ^C)
                with "no route to host"
                with "sendto: operation not permitted"
                some way I don't know about

At least these are the possibilities on a Linux workstation. I assume they
have WinXX equivalents.

Also, can the Windows workstation ping BOTH interfaces on the Linux
router/firewall?

>I'm reluctant to include my rc.firewall script because of length.
>I will include the commands minus the comments if that helps:

Don't blame you for hesitating. Better would be to see the actual rules that
are in place (since your script doesn't seem to begin by flushing). What is
the output of:

        ipchains -L input -n
        ipchains -L forward -n
        ipchains -L output -n
        ipchains -M -l

(if you get errors on those, please check the man page - I just wrote them
from memory and may have the syntax wrong).

Once I know how ping fails, I may be able to be more specific, but as a
general matter, it would help to see:

        output of "ifconfig -a" on the router/firewall
        output of "route -n" on the router/firewall              
        equivalent information from the Windows workstation (sorry; I
                don't know the Windows commands)

>
>/sbin/depmod -a
>/sbin/modprobe ip_masq_ftp
>echo "1" > /proc/sys/net/ipv4/ip_forward
>echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>/sbin/ipchains -M -S 7200 10 160
>/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
>/sbin/ipchains -P forward DENY
>/sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                    [EMAIL PROTECTED]        
----------------------------------------------------------------


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs

Reply via email to