/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */

Hi!

I have a freshly installed RH Linux 6.2 with kernel 2.2.16 on a gateway computer (P-III/256MB/i815) with 2 network cards:

eth0      Link encap:Ethernet  HWaddr 00:40:05:40:35:7E
          inet addr:195.xxx.xxx.xxx  Bcast:195.xxx.xxx.xxx  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:173617 errors:0 dropped:0 overruns:0 frame:0
          TX packets:86128 errors:2 dropped:0 overruns:0 carrier:2
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0xdc00

eth1      Link encap:Ethernet  HWaddr 00:D0:B7:AA:EB:AE
          inet addr:172.16.0.1  Bcast:172.16.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31090 errors:0 dropped:0 overruns:0 frame:0
          TX packets:122520 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0xdf00 Memory:d0044000-d0044c40

As you can see, eth0 (module old_tulip.o) is the external interface and eth1 (module e100.o from Intel) is the internal interface. Forwarding, firewalling and masq are compiled into the kernel.

Forwarding is turned on:

    net.ipv4.ip_forward = 1

Masq is turned on with the following IPCHAINS rules:

    ipchains -F
    ipchains -P forward DENY
    ipchains -A forward -i eth0 -s 172.16.0.0/255.255.255.0 -j MASQ -l

    [root@ns /root]# ipchains -L
    Chain input (policy ACCEPT):
    Chain forward (policy DENY):
    target     prot opt     source                destination           ports
    MASQ       all  ----l-  172.16.0.0/24         anywhere              n/a
    Chain output (policy ACCEPT):

DNS is functioning OK. Squid 2.3STABLE2 is installed on this Linux box. All connections to http and ftp resources from internal PCs are made through the Squid proxy (and this works fine).

So, if I try to ping external and internal IPs from the Linux box, everything works OK. If I try to connect to external or internal HTTP/FTP resources, everything works OK.

I can ping external servers from my Win2k workstation:

    C:\>ping www.altavista.com

    Pinging altavista.com [209.73.164.93] with 32 bytes of data:

    Reply from 209.73.164.93: bytes=32 time=811ms TTL=230
    Reply from 209.73.164.93: bytes=32 time=1172ms TTL=227
    Reply from 209.73.164.93: bytes=32 time=330ms TTL=227
    Reply from 209.73.164.93: bytes=32 time=1172ms TTL=233

    Ping statistics for 209.73.164.93:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 330ms, Maximum = 1172ms, Average = 871ms

and this is an excerpt from the log:

    May 4 12:13:00 ns kernel: Packet log: forward MASQ eth0 PROTO=1 172.16.0.3:8 209.73.164.93:0 L=60 S=0x00 I=38676 F=0x0000 T=127 (#3)
    May 4 12:13:01 ns kernel: Packet log: forward MASQ eth0 PROTO=1 172.16.0.3:8 209.73.164.93:0 L=60 S=0x00 I=38677 F=0x0000 T=127 (#3)
    May 4 12:13:03 ns kernel: Packet log: forward MASQ eth0 PROTO=1 172.16.0.3:8 209.73.164.93:0 L=60 S=0x00 I=38680 F=0x0000 T=127 (#3)
    May 4 12:13:04 ns kernel: Packet log: forward MASQ eth0 PROTO=1 172.16.0.3:8 209.73.164.93:0 L=60 S=0x00 I=38682 F=0x0000 T=127 (#3)

But if I try to telnet to any port from my (and every other) workstation, use http without the squid proxy, ftp, or use MSN messenger - shit happens :((( Seems that tcp and udp MASQ are not working at all. For example:

    C:\>telnet www.linux.org
    Connecting To www.linux.org...Could not open a connection to host: Connect failed

There are no records in the log files concerning this attempt to open a telnet session.

Maybe I made a stupid mistake and can't find it. I already have 4 or 5 successful installations of MASQ on Linux, but have never seen such a problem.

Please give me a suggestion on what I should do with this.

Sincerely,
Dmitry Mikhailov

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
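Added example, not part of the post above: a small Python parser for the kernel "Packet log:" lines that the `-l` flag on the ipchains MASQ rule produces. It tallies MASQ hits per IP protocol so you can confirm from the log alone whether any TCP or UDP packet ever reached the masquerading rule, which is the failure the post suspects (only ICMP, PROTO=1, shows up). The sample log lines are constructed from the ones quoted in the post; the protocol-number table and the unrelated filler line are assumptions.

```python
import re
from collections import Counter

# Field layout of an ipchains (2.2 kernel) "Packet log:" line, as seen in the post:
# Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport>
#             L=<len> S=0x<tos> I=<ipid> F=0x<frag> T=<ttl> (#<rule>)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<len>\d+) S=0x(?P<tos>[0-9a-fA-F]+) "
    r"I=(?P<id>\d+) F=0x(?P<frag>[0-9a-fA-F]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)

# Assumed mapping of the IP protocol numbers relevant to the post.
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_packet_log(line):
    """Return the fields of one ipchains log line as a dict, or None for other lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "len", "id", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec


def masq_summary(lines):
    """Count packets that hit a MASQ target per protocol and list tcp/udp if never seen."""
    counts = Counter()
    for line in lines:
        rec = parse_packet_log(line)
        if rec and rec["target"] == "MASQ":
            counts[rec["proto_name"]] += 1
    never_seen = [p for p in ("tcp", "udp") if counts[p] == 0]
    return {"counts": dict(counts), "never_masqueraded": never_seen}


# Constructed sample: two ICMP lines modelled on the post plus one non-firewall line.
SAMPLE_LOG = """\
May 4 12:13:00 ns kernel: Packet log: forward MASQ eth0 PROTO=1 172.16.0.3:8 209.73.164.93:0 L=60 S=0x00 I=38676 F=0x0000 T=127 (#3)
May 4 12:13:01 ns kernel: Packet log: forward MASQ eth0 PROTO=1 172.16.0.3:8 209.73.164.93:0 L=60 S=0x00 I=38677 F=0x0000 T=127 (#3)
May 4 12:13:05 ns kernel: eth1: link up (constructed filler line)
"""

if __name__ == "__main__":
    print(masq_summary(SAMPLE_LOG.splitlines()))
```

An empty `never_masqueraded` list after a TCP test (for example the telnet attempt in the post) would mean the packets do reach the rule; a non-empty one points to the packets never being forwarded at all.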
