On Fri, 27 Nov 1998, Harry Zink wrote:
> >I've fiddled with the forward rules with masq checked, packets were
> >going out ( had iptraf up watching it ) but nothing was getting back to
> >the masq'ed box in question.
>
> Good to know that I am not the only one having this problem.
>
> Good luck getting an answer, but, since I have at this point asked
> several times, and my queries in relevant newsgroups have gone without
> answer as well.
>
> If you *DO* find a solution for this, PLEASE let me know, as I would
> prefer using linuxconf again.

I am interested in helping you guys. This is a setup I do often with
linuxconf, so I guess there is some light at the end of the tunnel. Here
are some datapoints. From the emails I have seen on the list, you have
good knowledge of the problem, so I guess it is only some details.

- The routing problem

One standard is that a machine is not a router unless you (the
admin) tell it it is one. Some time ago, Linux distributions were shipped with
IP forwarding enabled (routing enabled). This was not standard. Later
distributions do ship with IP forwarding OFF. Linuxconf does this also.
If you go in "networking/routing and gateways/default", make sure
the "Enable routing" is on.

I guess this is the single difference between using linuxconf or not,
as linuxconf will enforce this bit in the kernel at each boot.

- For IP masquerading, there is a flaw in the user interface. Normally
you specify a firewalling rule in linuxconf by filling the header
part of the dialog (rule's type, protocol, ...) and then you fill the
"from" and "to" sections.

Now in forwarding rules, there is a catch. I am using the same interface
for all rules (blocking, forwarding, ...). This is a flaw (and hard to
tell). The "interface" specified in the "From" area is the output device
and not the input device. If you have left the device to any, then all
is fine (if all you want is to do masquerading). If you have specified
the input device, then you are ... out of luck.

So be sure to either leave the interface to any or use the IP
number of the output device (if it is a PPP device).

I guess the thing about the "Enable routing" is THE thing. Note that while
linuxconf enforces this (you must enable routing "by hand" to get it), this
is THE standard and newer distributions are compliant.

I hope this helps. If not, get back.

---------------------------------------------------------
Jacques Gelinas <[EMAIL PROTECTED]>
Check out Linuxconf at http://www.solucorp.qc.ca/linuxconf
New modules: mgettyconf, managerpm
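
The two checks described in the message above, as an added example that is not part of the original message or of linuxconf. The function names are hypothetical, the `/proc` paths are those of a current Linux kernel, and the script assumes that the interface carrying the default route is the output device for masqueraded traffic.

```shell
#!/bin/sh
# Added example: checks for the two pitfalls described in the message above.
# File paths are parameters so the checks also run against saved copies.

# Constructed sample in /proc/net/route layout: eth0 = masqueraded LAN,
# ppp0 = link carrying the default route (destination and mask all zero).
sample_routes() {
    printf 'Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n'
    printf 'eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n'
    printf 'ppp0\t00000000\t00000000\t0001\t0\t0\t0\t00000000\t0\t0\t0\n'
}

# True when the kernel forwarding switch ("Enable routing") reads 1.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(tr -d ' \n' < "$f")" = "1" ]
}

# Print the interface that carries the default route.
default_out_iface() {
    awk 'NR > 1 && $2 == "00000000" && $8 == "00000000" { print $1; exit }' \
        "${1:-/proc/net/route}"
}

# check_masq_iface RULE_IFACE [ROUTE_FILE] [FORWARD_FILE]
# RULE_IFACE is what was entered in the forwarding rule, or "any".
# Returns 0 ok, 1 forwarding off, 2 no default route, 3 input device used.
check_masq_iface() {
    rule_if="$1"
    if ! forwarding_enabled "${3:-}"; then
        echo "IP forwarding is off: turn on 'Enable routing'"; return 1
    fi
    [ "$rule_if" = "any" ] && { echo "ok: interface left to any"; return 0; }
    out_if="$(default_out_iface "${2:-}")"
    [ -n "$out_if" ] || { echo "no default route found"; return 2; }
    if [ "$rule_if" != "$out_if" ]; then
        echo "rule names $rule_if but packets leave via $out_if"; return 3
    fi
    echo "ok: $rule_if is the output device"
}

# Run directly as: sh script.sh RULE_IFACE [ROUTE_FILE] [FORWARD_FILE]
if [ "$#" -gt 0 ]; then check_masq_iface "$@"; fi
```

With no file arguments the functions read the live `/proc` entries, so `check_masq_iface eth0` on the gateway reports whether `eth0` is the device packets actually leave through.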