I'm trying to set up masq on a machine running Red Hat 7.1, with kernel upgraded to 2.4.6. I followed the instructions in the HOWTO, and in the testing section, I get as far as pinging from my Windows machine (being masq'ed) to the external interface to the Linux box (running RP-PPPoE on an ADSL connection) without difficulty.

But when I try to ping microsoft.com from the Windows machine, I don't get a response, *but* the little lights blink on the network hub and the DSL modem.

After running around trying several different things (checking interfaces, confirming iptables setup, etc.), I finally got tcpdump running on the Linux box and listened while I tried to ping microsoft.com (which I can ping fine from the Linux box) from the Windows machine. Here's the result (note that I told it not to dump port 23 since I'm telnetting in from the Windows machine; also, eth0 is the local network, and eth1 goes to the Internet):

[root@woodenspoon init.d]# tcpdump not port 23
Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on all devices
17:09:31.637472 eth1 > PPPoE [ses 0x2103] LCP EchoReq id=0x7a magic=0x1e6caa6
17:09:31.648464 eth1 < PPPoE [ses 0x2103] LCP EchoRep id=0x7a magic=0xa19d308
17:09:32.408196 eth0 < 10.0.0.2.1048 > 207.29.188.186.domain: 1+ A? www.microsoft.com. (35)
17:09:32.408711 ppp0 > user-2iniahq.dialup.mindspring.com.1048 > 207.29.188.186.domain: 1+ A? www.microsoft.com. (35)
17:09:32.409268 eth1 > PPPoE [ses 0x2103] user-2iniahq.dialup.mindspring.com.1048 > 207.29.188.186.domain: 1+ A? www.microsoft.com. (35)
17:09:32.420856 ppp0 > user-2iniahq.dialup.mindspring.com.1024 > ns2.mindspring.com.domain: 11263+ PTR? 186.188.29.207.in-addr.arpa. (45) (DF)
17:09:32.421426 eth1 > PPPoE [ses 0x2103] user-2iniahq.dialup.mindspring.com.1024 > ns2.mindspring.com.domain: 11263+ PTR? 186.188.29.207.in-addr.arpa. (45) (DF)
17:09:32.817631 eth1 < PPPoE [ses 0x2103] jfk3-core1-h4-1-0.4.atlas.digex.net > user-2iniahq.dialup.mindspring.com: icmp: time exceeded in-transit [tos 0xc0]
17:09:32.818122 ppp0 < jfk3-core1-h4-1-0.4.atlas.digex.net > user-2iniahq.dialup.mindspring.com: icmp: time exceeded in-transit [tos 0xc0]
17:09:32.818421 eth0 > jfk3-core1-h4-1-0.4.atlas.digex.net > 10.0.0.2: icmp: time exceeded in-transit [tos 0xc0]
17:09:34.034977 eth0 < 10.0.0.2.1048 > 207.29.188.186.domain: 1+ A? www.microsoft.com. (35)
17:09:34.035214 ppp0 > user-2iniahq.dialup.mindspring.com.1048 > 207.29.188.186.domain: 1+ A? www.microsoft.com. (35)
17:09:34.035748 eth1 > PPPoE [ses 0x2103] user-2iniahq.dialup.mindspring.com.1048 > 207.29.188.186.domain: 1+ A? www.microsoft.com. (35)
17:09:34.418685 eth1 < PPPoE [ses 0x2103] jfk3-core1-h4-1-0.4.atlas.digex.net > user-2iniahq.dialup.mindspring.com: icmp: time exceeded in-transit [tos 0xc0]
17:09:34.419192 ppp0 < jfk3-core1-h4-1-0.4.atlas.digex.net > user-2iniahq.dialup.mindspring.com: icmp: time exceeded in-transit [tos 0xc0]
17:09:34.419403 eth0 > jfk3-core1-h4-1-0.4.atlas.digex.net > 10.0.0.2: icmp: time exceeded in-transit [tos 0xc0]
17:09:35.044709 eth0 < 10.0.0.2.1048 > 207.29.188.185.domain: 1+ A? www.microsoft.com. (35)

I've cut it off there; it just goes on like that. I don't really know what any of this means, but I have a hunch it's significant: something is indeed reaching the outside world from the Windows machine, but I don't get a good response back.

Other pertinent config stuff:

[root@woodenspoon init.d]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:03:6D:1D:60:A2
          inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20705 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17047 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0xf800

eth1      Link encap:Ethernet  HWaddr 00:03:6D:1D:60:9F
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2587 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2686 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0xf400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:165.121.43.68  P-t-P:165.121.43.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3

[root@woodenspoon init.d]# iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

// (I'm using the ruleset from the HOWTO)

[root@woodenspoon init.d]# cat /proc/sys/net/ipv4/ip_forward
1

[root@woodenspoon init.d]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
165.121.43.1    0.0.0.0         255.255.255.255 UH       40 0          0 ppp0
10.0.0.0        0.0.0.0         255.0.0.0       U        40 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         165.121.43.1    0.0.0.0         UG       40 0          0 ppp0

Any ideas? Thanks a lot for any help!

Jyrinx [EMAIL PROTECTED]
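
One way to read the capture in this message line by line, as an added example that is not part of the original post: the Python script below parses lines copied from the tcpdump output above, pairs each packet arriving from the LAN on eth0 with its masqueraded copy leaving ppp0, and lists the ICMP errors delivered back to the LAN host. The function names and the regular expression are illustrative assumptions.

```python
import re

# Lines copied from the capture in the post: one DNS query and the ICMP reply.
CAPTURE = """\
17:09:32.408196 eth0 < 10.0.0.2.1048 > 207.29.188.186.domain: 1+ A? www.microsoft.com. (35)
17:09:32.408711 ppp0 > user-2iniahq.dialup.mindspring.com.1048 > 207.29.188.186.domain: 1+ A? www.microsoft.com. (35)
17:09:32.817631 eth1 < PPPoE [ses 0x2103] jfk3-core1-h4-1-0.4.atlas.digex.net > user-2iniahq.dialup.mindspring.com: icmp: time exceeded in-transit [tos 0xc0]
17:09:32.818122 ppp0 < jfk3-core1-h4-1-0.4.atlas.digex.net > user-2iniahq.dialup.mindspring.com: icmp: time exceeded in-transit [tos 0xc0]
17:09:32.818421 eth0 > jfk3-core1-h4-1-0.4.atlas.digex.net > 10.0.0.2: icmp: time exceeded in-transit [tos 0xc0]
"""

# timestamp, interface, direction (< in, > out), optional PPPoE tag, src > dst: info
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<iface>\S+) (?P<dir>[<>]) "
    r"(?:PPPoE \[ses \w+\] )?(?P<src>\S+) > (?P<dst>[^:\s]+): (?P<info>.*)$")

def parse(capture):
    """Yield a dict per IP packet line; PPP control lines (LCP) do not match."""
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            pkt = m.groupdict()
            pkt["kind"] = "icmp" if pkt["info"].startswith("icmp:") else "other"
            yield pkt

def nat_view(capture, lan="eth0", wan="ppp0"):
    """Return (source rewrites LAN->WAN, ICMP messages sent on to LAN hosts)."""
    pkts = list(parse(capture))
    rewritten, returned = set(), []
    for a in pkts:
        if a["iface"] == lan and a["dir"] == "<":        # arrived from a LAN host
            for b in pkts:                               # same payload leaving the WAN side
                if ((b["iface"], b["dir"]) == (wan, ">")
                        and (b["dst"], b["info"]) == (a["dst"], a["info"])):
                    rewritten.add((a["src"], b["src"]))
        elif a["iface"] == lan and a["dir"] == ">" and a["kind"] == "icmp":
            returned.append((a["src"], a["dst"], a["info"]))
    return rewritten, returned

if __name__ == "__main__":
    rewritten, returned = nat_view(CAPTURE)
    for inside, outside in sorted(rewritten):
        print(f"masqueraded: {inside} -> {outside}")
    for src, dst, info in returned:
        print(f"to LAN host {dst} from {src}: {info}")
```

On these lines the source 10.0.0.2.1048 is rewritten to the ppp0 address on the way out, and what is passed back to 10.0.0.2 is an ICMP time-exceeded message from an intermediate router rather than a DNS answer.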
