Thanks to all who answered my question.  I got it to work.

Solution:
1) Add a default route on the gateway machine:
route add default gw 10.0.0.10 metric 1
(which I have since changed to my ISP's gateway address)
2) Disconnect modem connection to internet (my 192.168.0.10 machine had a modem
and was dialed to my dialup ISP)

Thanks
Jay

Jay Strauss
[EMAIL PROTECTED]
(h) 773.935.5326
(c) 312.617.0264

-----Original Message-----
From: Jay Strauss <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, August 11, 2000 6:27 PM
Subject: Can't reach external network from internal network


>Hi, I'm having trouble getting MASQ to work.  My environment is RedHat 6.2
>(i.e. 2.2.14-5).
>
>I've been reading and implementing by the HOWTO. I tried to search the archives
>but I don't really know what to search for.  The HOWTO makes me believe I don't
>have to ftp any files or recompile my kernel, because RH6.2 is masq ready out
>of the box.  ??? Is that true ???
>
>I don't have my DSL line yet, but I'm trying to prepare.  So in my closed
>environment I have 3 computers:
>1) (client) at 192.168.0.10
>2) (gateway) at 192.168.0.1 and 10.0.0.1
>3) (external) at 10.0.0.10 - this is my pretend internet machine
>
>My idea was that I'd get it all working, then when my DSL arrives I'll change
>the address of 10.0.0.1 to whatever my provider issues me (and use 10.0.0.10
>for something else)
>
>My client can ping my gateway @ 192.168.0.1, my gateway can ping both networks
>(i.e. it can ping 10.0.0.10 & 192.168.0.10), and my external can ping the
>gateway @ 10.0.0.1
>
>When I try to ping from my client (192.168.0.10) to my external (10.0.0.10) I
>get : "request timed out"
>If I bring down the 10.0.0.1 NIC on my gateway then I get:
>ping 10.0.0.10
>
>Pinging 10.0.0.10 with 32 bytes of data:
>
>Reply from 192.168.0.1: Destination net unreachable.
>Reply from 192.168.0.1: Destination net unreachable.
>Reply from 192.168.0.1: Destination net unreachable.
>Reply from 192.168.0.1: Destination net unreachable.
>
>So it looks as if it's trying to do the MASQ but it can't reach the 10.0.0.0
>network, but when I bring up the card I get the "request timed out" error
>
>Here is the output of "route -n", I noticed there is no entry for 10.0.0.1 on
>eth1.
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
>192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
>10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1
>127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
>
>My /etc/rc.d/rc.firewall looks like this (copied from the HOWTO):
>#!/bin/sh
>#
># rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels
>#               using IPCHAINS
>#
># Load all required IP MASQ modules
>#
>#   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
>#          are shown below but are commented out from loading.
>
># Needed to initially load modules
>#
>/sbin/depmod -a
>
>
># Supports the proper masquerading of FTP file transfers using the PORT method
>#
>/sbin/modprobe ip_masq_ftp
>
>
># Supports the masquerading of RealAudio over UDP.  Without this module,
>#       RealAudio WILL function but in TCP mode.  This can cause a reduction
>#       in sound quality
>#
>#/sbin/modprobe ip_masq_raudio
>
>
># Supports the masquerading of IRC DCC file transfers
>#
>#/sbin/modprobe ip_masq_irc
>
>
># Supports the masquerading of Quake and QuakeWorld by default.  This module is
>#   for multiple users behind the Linux MASQ server.  If you are going to play
>#   Quake I, II, and III, use the second example.
>#
>#   NOTE:  If you get ERRORs loading the QUAKE module, you are running an old
>#   -----  kernel that has bugs in it.  Please upgrade to the newest kernel.
>#
>#Quake I / QuakeWorld (ports 26000 and 27000)
>#/sbin/modprobe ip_masq_quake
>#
>#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
>#/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
>
>
># Supports the masquerading of the CuSeeme video conferencing software
>#
>#/sbin/modprobe ip_masq_cuseeme
>
>
>#Supports the masquerading of the VDO-live video conferencing software
>#
>#/sbin/modprobe ip_masq_vdolive
>#CRITICAL:  Enable IP forwarding since it is disabled by default since
>#
>#           Redhat Users:  you may try changing the options in
>#           /etc/sysconfig/network from:
>#
>#                       FORWARD_IPV4=false
>#                             to
>#                       FORWARD_IPV4=true
>#
>echo "1" > /proc/sys/net/ipv4/ip_forward
>
>
>#CRITICAL:  Enable automatic IP defragmenting since it is disabled by default
>#           in 2.2.x kernels
>#
>#           This used to be a compile-time option but the behavior was changed
>#           in 2.2.12
>#
>echo "1" > /proc/sys/net/ipv4/ip_always_defrag
>
>
># Dynamic IP users:
>#
>#   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this
>#       following option.  This enables dynamic-ip address hacking in IP MASQ,
>#       making the life with Diald and similar programs much easier.
>#
>#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>
>
># Enable the LooseUDP patch which some Internet-based games require
>#
>#  If you are trying to get an Internet game to work through your IP MASQ box,
>#  and you have set it up to the best of your ability without it working, try
>#  enabling this option (delete the "#" character).  This option is disabled
>#  by default due to possible internal machine UDP port scanning
>#  vulnerabilities.
>#
>#echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose
>
>
># MASQ timeouts
>#
>#   2 hrs timeout for TCP session timeouts
>#  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
>#  160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
>#
>/sbin/ipchains -M -S 7200 10 160
>
>
># DHCP:  For people who receive their external IP address from either DHCP or
>#        BOOTP such as ADSL or Cablemodem users, it is necessary to use the
>#        following before the deny command.  The "bootp_client_net_if_name"
>#        should be replaced with the name of the link that the DHCP/BOOTP server
>#        will put an address on to?
>#        This will be something like "eth0", "eth1", etc.
>#
>#        This example is currently commented out.
>#
>#
>#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp
>
>
># Enable simple IP forwarding and Masquerading
>#
>#  NOTE:  The following is an example for an internal LAN address in the
>#         192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask.
>#
>#         Please change this network number and subnet mask to match your
>#         internal LAN setup
>#
>/sbin/ipchains -P forward DENY
>/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
>
>
>Jay Strauss
>[EMAIL PROTECTED]
>(h) 773.935.5326
>(c) 312.617.0264
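
Added example, not part of the original messages: a shell check that reads `route -n` output and reports whether a default route exists, which is the entry absent from the gateway's table quoted above and the one step 1 of the solution adds. The function names and the "after" table are constructed for illustration.

```shell
#!/bin/sh
# Inspect `route -n` text for a default route (added example).

# Read `route -n` output on stdin and print the gateway of the first
# default route: Destination 0.0.0.0, Genmask 0.0.0.0, flags containing G.
# Prints nothing when no such entry exists.
default_gw() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# Summarise a routing table passed as the first argument.
check_table() {
    gw=$(printf '%s\n' "$1" | default_gw)
    if [ -n "$gw" ]; then
        echo "default route via $gw"
    else
        echo "no default route"
    fi
}

# Routing table as posted in the original message (gateway, before the fix).
BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo'

# Constructed sample: the same table with the entry that
# `route add default gw 10.0.0.10 metric 1` would add.
AFTER="$BEFORE
0.0.0.0         10.0.0.10       0.0.0.0         UG    1      0        0 eth1"

check_table "$BEFORE"
check_table "$AFTER"
```

On a live gateway the same check is `route -n | default_gw`.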
