Greetings,

I am running Red Hat 7.0 with all the latest RPM patches and fixes. I would like to configure my Linux box to use IP MASQ using RP-PPPOE.

192.168.200.1 == my win95 box
192.168.200.3 == (not loaded at startup, no ip, eth0 for rp-pppoe)
192.168.200.4 == eth1 on my linux box

Here is a copy of my rc.firewall file in /etc/rc.d. I modified the rc.local file to run this file at startup. There was an error in the HOWTO which I corrected to get it to load without error. (ip_ip_always_defrag)

    #!/bin/sh
    #
    # rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
    /sbin/depmod -a
    /sbin/modprobe ip_masq_ftp
    /sbin/modprobe ip_masq_raudio
    /sbin/modprobe ip_masq_irc
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "1" > /proc/sys/net/ipv4/ip_always_defrag
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
    /sbin/ipchains -M -S 7200 10 160
    /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -s 192.168.0.1/32 -j MASQ
    /sbin/ipchains -A forward -s 192.168.0.4/32 -j MASQ

Kernel IP routing table

    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    HSE-MTL-ppp6381 *               255.255.255.255 UH    0      0     0 ppp0
    192.168.200.0   *               255.255.255.0   U     0      0     0 eth1
    127.0.0.0       *               255.0.0.0       U     0      0     0 lo
    default         HSE-MTL-ppp6381 0.0.0.0         UG    0      0     0 ppp0

ifconfig

    eth0  Link encap:Ethernet  HWaddr 00:50:BA:BC:B8:FC
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0x6100

    eth1  Link encap:Ethernet  HWaddr 02:60:8C:A3:55:F1
          inet addr:192.168.200.4  Bcast:192.168.200.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:56 errors:0 dropped:0 overruns:0 frame:0
          TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0x300 Memory:dc000-de000

    lo    Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

    ppp0  Link encap:Point-to-Point Protocol
          inet addr:64.229.167.209  P-t-P:64.229.167.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:50 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

Now, tests (I may have made mistakes here with who pings who):

1- win95 box pings eth1, no problem.

2- From what I understand:

...On the MASQ server itself, ping the internal IP address of the MASQ network (i.e. ping 192.168.0.1). Now Then ping the external IP address connected to the Internet...

I tried pinging, from within my Linux box, eth1 and www.google.com. Both worked fine.

3- ...Back on a internal MASQed computer, try pinging the IP address of the Masquerading Linux box's internal Ethernet card, (i.e. ping 192.168.0.1)...

OK, so I tried pinging from my win95 box the Linux box's eth1 IP, because eth0 has no IP of its own. No errors, works fine.

4-

    C:\>ping 64.229.167.209

    Pinging 64.229.167.209 with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 64.229.167.209:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    C:\>

...If it doesn't work, make sure that you enabled "ICMP Masquerading" in the kernel and "IP Forwarding" in your /etc/rc.d/rc.firewall script. Also make sure that the /etc/rc.d/rc.firewall ruleset loaded ok. Try run the /etc/rc.d/rc.firewall script manually for now to see if it runs ok....

The rc.firewall runs OK manually, with no errors.

I didn't recompile the kernel, but from what I read in the IP MASQ HOWTO, it should be enabled by default in RH7.0?

Any help would be appreciated.

__
Andy

_______________________________________________
Masq maillist
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
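
An added example, not part of the post or of the HOWTO: a POSIX sh check that lists which LAN hosts are not matched by any "-j MASQ" source in a forward ruleset, so a ruleset under "-P forward DENY" can be compared with the addressing actually in use. RULES is a constructed sample copied from the three forward lines of the posted rc.firewall; the function names are hypothetical, and only dotted-quad sources with an optional /len are handled.

```sh
#!/bin/sh
# Added example (not from the post): which LAN hosts does a MASQ ruleset cover?

# Constructed sample: the forward-chain lines from the posted rc.firewall.
RULES='/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.1/32 -j MASQ
/sbin/ipchains -A forward -s 192.168.0.4/32 -j MASQ'

# Dotted quad -> 32-bit integer.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( ($a << 24) + ($b << 16) + ($c << 8) + $d ))
}

# Succeeds if host $1 falls inside source $2 (addr or addr/len).
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32          # no /len given: single host
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    fi
    h=$(ip2int "$1")
    n=$(ip2int "$net")
    [ $(( $h & $mask )) -eq $(( $n & $mask )) ]
}

# Print the -s argument of every "-A forward ... -j MASQ" rule in $1.
masq_sources() {
    echo "$1" | awk '/-A forward/ && /-j MASQ/ {
        for (i = 1; i < NF; i++) if ($i == "-s") print $(i + 1) }'
}

# Print each host (args 2..n) that no MASQ source in ruleset $1 matches.
uncovered_hosts() {
    rules=$1; shift
    for host in "$@"; do
        covered=no
        for src in $(masq_sources "$rules"); do
            if in_cidr "$host" "$src"; then covered=yes; break; fi
        done
        [ "$covered" = yes ] || echo "$host"
    done
}

# Hosts taken from the address list in the post (win95 box and eth1).
uncovered_hosts "$RULES" 192.168.200.1 192.168.200.4
```

With a forward policy of DENY, any host this prints is not masqueraded by the ruleset being checked.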
