>Hi all, I've been corresponding with a couple of you about IP MASQ, and I am
>still absolutely stuck. I've fixed a couple minor errors from my last post
>that seemed to cause some issues, but I feel like I've been through the
>configuration several times now and have stopped finding anything wrong.
Hey Rusty,
I promise that we'll get you running but you need to follow our
explicit commands and STOP interpreting them. What am I talking
about? Read on..
>ifconfig gives me this:
>eth0 Link encap:Ethernet HWaddr 00:40:05:A1:74:5F
> inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:31 errors:0 dropped:0 overruns:0 frame:0
> TX packets:89 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> Interrupt:5 Base address:0x240
>
Good.
>ppp0 Link encap:Point-to-Point Protocol
> inet addr:165.247.149.122 P-t-P:168.121.1.1 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1514 Metric:1
> RX packets:18 errors:0 dropped:0 overruns:0 frame:0
> TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:10
Good. And the MTU is correct too!
>netstat -rn gives me this:
>Kernel IP routing table
>Destination Gateway Genmask Flags MSS Window irtt Iface
>168.121.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
>127.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 lo
>192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>0.0.0.0 168.121.1.1 0.0.0.0 UG 0 0 0 ppp0
Your default gateway is WRONG. The 0.0.0.0 route should be pointing
to 165.247.149.122. I recommend that you just add the line "default"
to the /etc/ppp/options file. It will automatically set the correct
GW. This is CRITICAL for dynamic IP users.
>insmod ne io=0x240 irq=5
>ifconfig lo 127.0.0.1
>route add -host 127.0.0.1 lo
>ifconfig eth0 192.168.0.2 netmask 255.255.255.0
What distro are you running? I recommend setting all this up
the correct way. If you don't know how, just ask one of us as
there are all kinds of knowledgeable Redhat, Mandrake, SuSe, Caldera,
Slackware, etc. people in here...
>ipchains -F forward 2>> /root/errors.dat
What is this?! It isn't correct. Please use the example
rc.firewall config from the MASQ Howto.
>ipchains -A forward -i ppp0 -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ 2>> /root/errors.dat
This is fine.
>echo 1 > /proc/sys/net/ipv4/ip_forward 2>> /root/errors.dat
As is this.
>I also did 'cat /proc/sys/net/ipv4/ip_forward' and got a '1'.
Good.
>Here's all the files I could find on my system that might be related to this
>(find *masq* and ip_*)
>/lib/modules/2.2.12/ipv4/ip_masq_user.o
>/lib/modules/2.2.12/ipv4/ip_masq_ftp.o
>/lib/modules/2.2.12/ipv4/ip_masq_irc.o
>/lib/modules/2.2.12/ipv4/ip_masq_raudio.o
>/lib/modules/2.2.12/ipv4/ip_masq_quake.o
>/lib/modules/2.2.12/ipv4/ip_masq_vdolive.o
>/lib/modules/2.2.12/ipv4/ip_masq_cuseeme.o
Upgrade your kernel to at LEAST 2.2.16 to avoid security-based
issues. Yes, 2.2.12 will work but you are vulnerable.
>IP: 192.168.0.1
>Mask: 255.255.255.0
>Gateway: 192.168.0.2
>The two DNS servers of my ISP have been entered as the DNS servers
Good.
>echo "1" > /proc/sys/net/ipv4/ip_always_defrag
>because that file doesn't exist on my linux system.
Again.. what distro is this? I've started to notice this
on some stock distro kernels. It is probably enabled by
default but I need to add this to the HOWTO.
--David
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'