Well, the nameserver works probably because the server is on the local and remote network and has nothing to do with masq working. Assuming the ppp connection is up all the time (there might be problems if it's not, but only if your computer doesn't know to connect when it gets a packet) here is my very basic and very insecure masq script (I use a cable modem with a dhcp ip address, it should work for you too since it makes no mention of any interfaces):

# Load the masq helper modules
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
#/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_quake
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# Turn on forwarding and dynamic address handling
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Flush the chains, set the masq timeouts, masquerade the local subnet
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
/sbin/ipchains -M -S 14400 10 150
/sbin/ipchains -P forward REJECT
/sbin/ipchains -A forward -s 192.168.173.0/24 -j MASQ
# External IP for port forwarding (the newline after the pipe is harmless)
EXTIP="`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' |
sed -e 's/.*://'`"
/usr/sbin/ipmasqadm portfw -f

For just basic stuff you can skip the module junk (the depmod and modprobe) and the last three lines (really two because the 3rd and 2nd to last lines are supposed to be the same). In my case the local subnet is 192.168.173.x, so just change the MASQ line from 173 to 0 and it should work. If you plan on doing any port forwarding you will need to replace the eth0 with ppp0 (everything from EXTIP to the last double quote is supposed to be on the same line) so you will have a shell variable with your ip address in it available to the rest. Add all your forwardings to the end of this. Of course it's advisable to secure it up after this. I pieced together this script from the Trinity OS and IP Masq HowTo.
Robin Stuart Norman wrote:
> I've tried everything the IP-Masq, Net and Ipchains HOWTOs suggest and still my
> private network will not see the outside internet. I'm running Redhat 6.2 on
> my server, which has the ppp link to my ISP. The kernel is compiled correctly
> to support masquerading. I'm running a caching nameserver. I use the rc.firewall
> script from the IP-Masquerade-HOWTO. The modules are loaded and forwarding,
> etc., (in /proc/sys/net) are set to "1". The other computer on my net is Windows
> 98. My private network by ethernet works fine and has for a long time. I use the
> 192.168.0.x addresses. When I use the very basic IP-Masq rules the Windows box
> can lookup the net name address and get the IP address, but apparently there is
> no route to the internet and requests time out and there is no activity going to
> ppp0. Yes, ppp0 is the default route. I'd like to see a simple rc.firewall
> script that has the correct ipchains implementation. It would be a good idea
> for home networkers to offer a simple script to get their PPP connection to
> masq to a private home network. Thanks.
>
> --
> [EMAIL PROTECTED] <Stuart Norman>
> Censorship is the ultimate obscenity.
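An added example, not part of the original post or of either poster's scripts: the EXTIP pipeline from the reply wrapped so that it fails closed when the interface has no address (for instance ppp0 being down), instead of leaving an empty variable for the forwarding rules that follow. The function names and both ifconfig samples are constructed for illustration, and the parser assumes the old net-tools "inet addr:" output format that the post's grep pattern targets.

```shell
#!/bin/sh
# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# extract_inet_addr: read ifconfig output on stdin and print the first
# "inet addr"; return non-zero if there is none or it is not a valid IPv4.
extract_inet_addr() {
    addr=$(grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://' | head -n 1)
    valid_ipv4 "$addr" || return 1
    printf '%s\n' "$addr"
}

# read_extip IFACE: same pipeline as the post, but validated.
read_extip() {
    /sbin/ifconfig "$1" 2>/dev/null | extract_inet_addr
}

# Constructed sample output (documentation addresses), used for offline checks.
SAMPLE_UP='ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.7  P-t-P:203.0.113.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'
SAMPLE_DOWN='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          BROADCAST MULTICAST  MTU:1500  Metric:1'

# When called with an interface name, stop before any forwarding rule is added
# if no usable address was found.
if [ "$#" -gt 0 ]; then
    EXTIP=$(read_extip "$1") || {
        echo "no usable address on $1; not adding port forwards" >&2
        exit 1
    }
    echo "EXTIP=$EXTIP"
fi
```

Run it with the external interface as the only argument (ppp0 for the PPP setup in the quoted question) and put the forwarding rules after the check.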
