/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
1) Do you have the ip_masq_ftp module loaded?
2) Are your rules prohibiting http access?
Normally masq works just fine with http, unless you've restricted it too
much.
-JMS
|-----Original Message-----
|From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
|Of Nik T
|Sent: Friday, July 07, 2000 2:19 AM
|To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
|Subject: [Masq] Re: [Masq] Why am I not able to connect to the external
|addressfrom internal masqed PCs?
|
|
|/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
|/* ALSO: Don't quote this header. It makes you look lame :-) */
|
|
|Hello Michael,
|
|Thanks for your help. I was hoping for something simpler than that. I used
|10.10.10.10 as a hypothetical internet address. Let say its
|216.111.222.333. I am able to telnet and ping to 216.111.222.333. But I
|cannot ftp and http to this address from my internal masqed hosts.
|Any help
|is appreciated.
|
|Regards,
|Vernon
|
|>From: "Michael Best" <[EMAIL PROTECTED]>
|>To: Nik T <[EMAIL PROTECTED]>
|>Subject: [Masq] Why am I not able to connect to the external
|address from
|>internal masqed PCs?
|>Date: Thu, 06 Jul 2000 22:10:49 EDT
|>MIME-Version: 1.0
|>Received: from [216.189.8.110] by hotmail.com (3.2) with ESMTP id
|>MHotMailBB2E86710084D820F3ACD8BD086E04CC0; Thu Jul 06 19:07:46 2000
|>Received: from com.org (com.org [216.189.13.22])by ru3.servadmin.com
|>(8.9.3/8.9.3) with SMTP id WAA06869for <[EMAIL PROTECTED]>; Thu, 6 Jul
|>2000 22:14:01 -0400
|>From [EMAIL PROTECTED] Thu Jul 06 19:10:35 2000
|>Message-id: <[EMAIL PROTECTED]>
|>In-reply-to: <[EMAIL PROTECTED]>
|>
|>On 07 Jul 2000, Nik T wrote:
|>
|> > Why am I not able to connect to the external address from internal
|>masqed
|> > PCs?
|>
|>If you are using portfw or mfw this will not work unless you modify the
|>kernel. I've written a patch which you can download at
|>http://www.com.org/~michael/masq-demasq.zip. Save it in /usr/src as
|>masq-demasq.patch and run "patch -l -p0 <masq-demasq.patch" from there.
|>This
|>patch basically allows "de-masqed" packets to be "masq-ed" again. Thus it
|>checks the forward chain even when packets have been de-masqed.
|However, it
|>ignores "DENY" or "REJECT" targets. Thus your MASQ rule should be based
|>only
|>on the source address and not on the destination interface or address.
|>
|>-- Michael Best
|>
|
|________________________________________________________________________
|Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
|
|_______________________________________________
|Masq maillist - [EMAIL PROTECTED]
|Admin requests can be handled at http://www.indyramp.com/masq-list/ --
|THIS INCLUDES UNSUBSCRIBING!
|or email to [EMAIL PROTECTED]
|
|PLEASE read the HOWTO and search the archives before posting.
|You can start your search at http://www.indyramp.com/masq/
|Please keep general linux/unix/pc/internet questions off the list.
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
