Hello,
I do need some help with this. Background: this configuration worked
fine for the longest time, until I shut down the masq server while away.
When I rebooted, it seems to no longer forward packets out the
"Internet" port (eth0) from the internal lan (eth1).
From an internal client, I can ping both interfaces on the server
machine but cannot ping an outside address. A tcpdump shows no packets
being forwarded out eth0, though from the server I have full outside
access.
Another (possibly related?) symptom is that though I can ping both
interfaces on the server machine, I can no longer telnet to it from an
internal client machine, or to a client from the server. Both client and
server can telnet to themselves and I can SSH into the server from
outside. Hosts.deny/hosts.allow are configured correctly and this also
worked before rebooting the server.
I'm running simple IPchains from the following HOWTO:
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO-5.html#ss5.5
And here is some config information. Thanks for any/all help - this one
is driving me batty.
********** system and network config *************
Mandrake 7.1 with win4lin patch
# uname -a
Linux thome.com 2.2.16-9mdk #1 Tue Feb 20 19:47:50 PST 2001 i686 unknown
# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH        0 0          0 eth1
192.168.2.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
6.42.236.0      0.0.0.0         255.255.252.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         6.42.236.1      0.0.0.0         UG        0 0          0 eth0
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:01:02:BF:1E:0E
          inet addr:6.42.237.111  Bcast:6.42.239.255  Mask:255.255.252.0
          UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
          RX packets:16198 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20991 errors:0 dropped:0 overruns:0 carrier:3
          collisions:3 txqueuelen:100
          Interrupt:11 Base address:0xc800

eth1      Link encap:Ethernet  HWaddr 6D:10:6D:10:7F:67
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3477 errors:0 dropped:0 overruns:0 frame:0
          TX packets:352 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
***** Main lines from rc.firewall *************
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on interface eth0.
#
# ** Please change this network number, subnet mask, and your Internet
# ** connection interface name to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.2.0/24 -j MASQ
********** proc files ***********
# cat /proc/sys/net/ipv4/ip_forward
1
# cat /proc/sys/net/ipv4/ip_dynaddr
1
# cat /proc/sys/net/ipv4/ip_always_defrag
1
*********** chain policy **********
# ipchains -n -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  0.0.0.0/0             0.0.0.0/0             67 ->   68
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.2.0/24        0.0.0.0/0             n/a
Chain output (policy ACCEPT):
*****************************
The above chain policy does differ from the example given in the HOWTO -
chain forward (policy REJECT):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.0.0/24        0.0.0.0/0             n/a
ACCEPT     all  ----l-  0.0.0.0/0             0.0.0.0/0             n/a
********************************
Again - thanks for any help!
-Trent